Try our new research platform with insights from 80,000+ expert users
Wazuh Logo

Wazuh Reviews

Vendor: Wazuh
3.7 out of 5
Badge Ranked 1
Leave a review

What is Wazuh?

Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.

Get the Wazuh Buyer's Guide and find out what your peers are saying about Wazuh, CrowdStrike Falcon, Microsoft Sentinel and more!
Wazuh is the #1 ranked solution in Log Management Software, #2 ranked solution in top Security Information and Event Management (SIEM) solutions, and #5 ranked solution in XDR Security products. PeerSpot users give Wazuh an average rating of 7.4 out of 10. Wazuh is most commonly compared to CrowdStrike Falcon: Wazuh vs CrowdStrike Falcon. Wazuh is popular among the large enterprise segment, accounting for 46% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.
Buyer's Guide
Wazuh
June 2025
Get the report
Helped 864,722 peers since 2012

Featured Wazuh reviews

Read more reviews

Wazuh mindshare

Product category:
Security Information and Event Manage...
As of August 2025, the mindshare of Wazuh in the Security Information and Event Management (SIEM) category stands at 11.8%, down from 16.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM)

PeerResearch reports based on Wazuh reviews

TypeTitleDate
CategorySecurity Information and Event Management (SIEM)Aug 11, 2025Download
ProductReviews, tips, and advice from real usersAug 11, 2025Download
ComparisonWazuh vs Splunk Enterprise SecurityAug 11, 2025Download
ComparisonWazuh vs Microsoft SentinelAug 11, 2025Download
ComparisonWazuh vs IBM Security QRadarAug 11, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.34.7%96%132 interviewsAdd to research
Microsoft Sentinel4.16.6%93%98 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Wazuh's most valued features include SCA capabilities, intuitive interface, open-source nature, visualization and indexing services, file integrity and vulnerability management, scalability on Azure, integration with various security solutions, EDR, SIEM modules, flexibility, easy deployment, PCI compliance, threat hunting, intrusion detection, customizable dashboards, cloud-native infrastructure, vulnerability assessment, and comprehensive compliance support. Users appreciate its ability to monitor endpoints and integrate with AWS cloud services.
  • "I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."
  • "Overall, I rate Wazuh a nine out of ten."
  • "I would recommend Wazuh to others."

Room for Improvement

Wazuh's user interface requires improvement. Its scalability and integration capabilities could benefit from enhancements, particularly for large enterprises. Users express dissatisfaction with threat intelligence, alerting complexity, and absence of AI features. Deployment and configuration complexities hamper usability. Real-time monitoring for Unix systems, log data analysis, and cloud integration are areas needing attention. The lack of inbuilt templates and limitations with rule customization and reporting creates challenges in achieving optimal functionality. AI capabilities and user guidance require further development.
  • "Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time."
  • "When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results."
  • "There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements."

ROI

Users report that Wazuh significantly reduces time to detect and respond to threats, lowering detection from months to an hour and response from weeks to days. It offers substantial cost savings compared to other security options, beneficial for small to medium businesses. Users have avoided large lump sum payments and enjoyed using their own security systems. Though specifics are confidential, cost-effective security costs were highlighted, without any comparison to previous solutions.

Pricing

Wazuh is an open-source solution, making it an affordable option for organizations. While there are no licensing fees for the software itself, costs can arise from supporting infrastructure and optional support services, which can range from $1,000 annually to third-party related expenses. Some users mention additional costs for log storage and managed services. Overall, users find Wazuh pricing competitive, especially against enterprise solutions like Splunk, with the open-source version being particularly cost-effective.
  • "The product price is neither too high nor too low."
  • "Wazuh is an open-source tool."
  • "Wazuh is a cheaply priced product."

Popular Use Cases

Organizations primarily use Wazuh for security information and event management, log aggregation, and endpoint monitoring. They integrate Wazuh with cloud infrastructure for compliance and event detection. Wazuh helps track vulnerabilities, ensures regulatory adherence, and performs threat detection. Many employ it for file integrity, forensic tasks, and customizing security modules, benefiting from its open-source and cost-effective nature. It is widely deployed in sectors like finance, healthcare, and telecommunications for ensuring robust cybersecurity frameworks.

Service and Support

Wazuh's customer service and support receive mixed feedback. Many benefit from the community resources, forums, and documentation, with some rating it eight out of ten. Paid support exists, but challenges like time zone differences and delayed responses are noted. Users often rely on third-party or community support, especially when using the open-source version. Satisfaction varies, with some describing it as excellent, while others see room for improvement in responsiveness and service quality.

Deployment

Wazuh's initial setup experiences vary. Many users find it straightforward, citing comprehensive documentation and pre-configured scripts. Some describe the process as simple and quick, with a few hours needed, while others report challenges, especially with complex configurations requiring expert support. Maintenance and integration can be demanding when involving multiple systems or custom solutions. Smaller projects tend to be simpler, but larger deployments sometimes demand more planning and resources. User ratings fluctuate between easy and moderate difficulty.

Scalability

Wazuh exhibits high scalability, though some users mention setup challenges. It efficiently supports small to medium enterprises, adapting to various environments. Users note flexibility in deployment and configuration, but technical expertise is required for optimal use. Some rate scalability highly, while others see room for improvement, especially with large data handling. Overall, Wazuh accommodates multiple endpoints effectively and can be scaled according to the resources and infrastructure available to users.

Stability

Wazuh is generally stable and receives a 7-9 out of 10 rating for reliability. Many users report it remains stable with regular updates. Some experience minor glitches, particularly with configuration issues, new features, or updates. Regular maintenance is crucial for optimal performance. While some face fewer incidents, others have encountered problems due to human error or environmental factors, indicating stability may vary depending on specific implementation and maintenance practices.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Wazuh Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
9%
University
8%
Manufacturing Company
7%
Government
7%
Educational Organization
7%
Financial Services Firm
6%
Retailer
5%
Healthcare Company
4%
Media Company
3%
Construction Company
3%
Hospitality Company
3%
Non Profit
3%
Real Estate/Law Firm
3%
Insurance Company
2%
Energy/Utilities Company
2%
Outsourcing Company
2%
Legal Firm
1%
Wholesaler/Distributor
1%
Transportation Company
1%
Performing Arts
1%
Consumer Goods Company
1%
Recreational Facilities/Services Company
1%
Aerospace/Defense Firm
1%
Pharma/Biotech Company
1%

Compare Wazuh with alternative products

Go!

Learn more about Wazuh

It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate through security alerts via a data visualization tool.

  • Wazuh’s agent can run on many different platforms, and is lightweight. It can successfully perform the tasks needed to detect threats in order to trigger responses automatically.
  • Wazuh manages the agents, can analyze agent data, and can scale horizontally.
  • Elastic Stack is where alerts are indexed and stored.

Wazuh Capabilities

Some of Wazuh’s most notable capabilities include:

  • Intrusion detection: Wazuh’s agents can detect hidden files, cloaked processes, or unregistered network listeners, as well as inconsistencies in system call responses. Wazuh’s server component uses a signature-based approach to intrusion detection, using its regular expression engine to analyze collected log data and look for indicators of compromise.

  • Log data analysis: Wazuh can read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.

  • Integrity monitoring: File integrity monitoring can help identify changes in content, ownership, permissions, and attribute of files. Wazuh’s file integrity monitoring can be used in conjunction with threat intelligence.

  • Vulnerability detection: Wazuh agents can identify well-known vulnerable software so you can see where your weak spots are and take action before an attack can exploit them.

  • Configuration assessment: System and application configurations are monitored to make sure they are compliant with security policies. Periodic scans are used to detect applications that are known to be vulnerable, insecurely configured, or unpatched.
  • Incident response: Wazuh responds actively when active threats need to be addressed. It can perform countermeasures like blocking access to a system when a threat source is identified.

  • Regulatory compliance: Wazuh includes the security controls required to be compliant with industry regulations and standards.

  • Cloud security: Wazuh’s light-weight and multi-platform agents are commonly used to monitor cloud environments at the instance level. In addition, Wazuh helps monitor cloud infrastructure at an API level.

  • Security for containers: With Wazuh, you have increased security visibility into hosts and containers, allowing for easier detection of threats, anomalies, and vulnerabilities.

Wazuh Benefits

Some of the most valued benefits of Wazuh include:

  • No vendor lock-in
  • No license costs
  • Uses lightweight, multi-platform agents
  • Free community support

Wazuh Offers

  • Annual support and maintenance
  • Assistance with deployment and configuration
  • Training and instructional hands-on courses

Reviews From Real Users

"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited

The MITRE ATT&CK correlation is most valuable.” - Chief Information Security Officer at a financial services firm

Related articles

Julia Miller - PeerSpot reviewer
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Read more

Related questions

  • 506
What is the difference between SIEM and Next-Gen SIEM solutions?
  • 191
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 52
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 104
What are the main differences between Nessus and Arcsight?
  • 25
What's The Best Way to Trial SIEM Solutions?
  • 143
Which is the best SIEM solution for a government organization?
  • 846
What is the difference between IT event correlation and aggregation?
  • 82
What Is SIEM Used For?
  • 35
RSA-EMC vs. other SIEM products?
  • 369
What Questions Should I Ask Before Buying SIEM?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
SentinelOne Singularity Complete vs Wazuh Logo
SentinelOne Singularity Complete vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
Elastic Observability vs Wazuh Logo
Elastic Observability vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Graylog vs Wazuh Logo
Graylog vs Wazuh
See all alternatives
 

Wazuh reviews

Sort by:
EO
Security Consultant at ebenezer.okoh@agorasecurity.it
Verified user of Wazuh
Jun 3, 2025
Innovative platform enables proactive threat hunting and endpoint monitoring

Pros

"Overall, I rate Wazuh a nine out of ten."

Cons

"When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results."

What is our primary use case?

I use Wazuh for daily security operations mainly on EDR endpoints by installing it on the agents that we are monitoring to collect security data. It helps us monitor endpoints and know what is going on at each endpoint, and we are able to tap the data and use it in other platforms such as SOAR.

I find the threat hunting features of Wazuh most valuable, as we are more interested in the threat hunting side and want to move ahead into threat hunting before any threat becomes something that cannot be dealt with. Wazuh has a threat hunting functionality that we use extensively.

The intrusion detection capabilities work effectively in my environment, as we also have firewalls, and we rely more on the firewall side for intrusion detection.

What is most valuable?

The threat hunting features of Wazuh are particularly valuable for our operations. We focus heavily on threat hunting capabilities to address potential threats before they become unmanageable.

The intrusion detection capabilities integrate seamlessly with our existing firewall infrastructure. The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (715 words)
PeerSpot user
Cyber Security Software Engineer at a tech services company with 11-50 employees
Verified user of Wazuh
Jun 3, 2025
Open source flexibility supports cost reduction and efficiency

Pros

"I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."

Cons

"Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time."

What is our primary use case?

Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I completed one project where I removed malware.

What is most valuable?

The valuable features of Wazuh include being open source and having the capacity to be used for anything desired. It allows for creating new automations, whereas other Software as a Service platforms have their own business models. With this open source tool, organizations can establish their own customized setup.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (623 words)
Buyer's Guide
Wazuh
Download free report
Find out what your peers are saying about Wazuh. Updated June 2025
864,722 professionals have used our research since 2012.
Sandip_Patel - PeerSpot user
Student at Dakota State University
Verified user of Wazuh
Nov 23, 2024
Evaluating robust file monitoring with insights for community support improvements

Pros

"Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs."

Cons

"An issue I noticed is with tag values in certain rules not functioning properly. "

What is our primary use case?

I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and evaluate Wazuh as part of my learning and work experience.

What is most valuable?

Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (488 words)
MS
Software Engineer at i2c Inc.
Verified user of Wazuh
Jul 22, 2024
Offers an open-source version and is useful for its SIEM and XDR features

Pros

"The product's initial setup phase was easy."

Cons

"Wazuh currently fails to provide its users with AI and ML."

What is our primary use case?

I use the solution in my company as an open-source tool and in our organization as an SIEM and XDR. We mainly use it as a SIEM tool. Moreover, we can use it with Palo Alto Networks XDR for vulnerability scanning because it provides us with vulnerability detection modules. We also use SDS and IDS frameworks as my company is a fintech. We use PCI DSS and NIST 800-53 framework, which is provided by Wazuh.

What is most valuable?

The solution's most valuable features are the SIEM modules, vulnerability detection modules, NIST 800-53, and the MITRE framework. I think these four are the most valuable core things provided by Wazuh as an open-source tool.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (691 words)
SC
Security Operations Center Analyst at mailbox.org
Verified user of Wazuh
Mar 2, 2025
Open source customization and CVE reporting enhance threat detection

Pros

"I would recommend Wazuh to others."

Cons

"There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements."

What is our primary use case?

We use Wazuh as a SIEM solution because it is open source, highly customizable, and continually expanding. Our clients can request various solutions for their issues, which Wazuh is able to address.

What is most valuable?

One of the most valuable features of Wazuh is its capability as a CVE helper. It assists in pulling reports about active CVEs in the system. Wazuh is a SIEM tool that is highly customizable and versatile. The fact that it is open source means it is always being expanded, which is beneficial for customizing solutions for individual client requests.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (362 words)
PeerSpot user
Tech Lead at a tech vendor with 201-500 employees
Verified user of Wazuh
Nov 7, 2024
Product version discussed: 4.7
Improved security visibility but needs better support and integration

Pros

"We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh."

Cons

"The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively. "

What is our primary use case?

Our primary use case was around data collection and anomaly detection. We integrated Wazuh with Google Cloud and other cloud providers to receive alerts and insights if there is any unauthorized data access in the production environment. 

We also monitor virtual machines for any malicious command execution and get notifications for any privilege access attempts. Additionally, we detect anomalies in traffic patterns related to specific client accounts.

How has it helped my organization?

Wazuh has provided us with excellent clarity on data access, allowing us to significantly reduce instances of unnecessary production environment access and improve processes. 

We now have real-time visibility into the production environment on both cloud and critical virtual machines, which was not possible with our previous manual audits.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (632 words)
Godwin Edmond - PeerSpot user
Senior Security Information Analyst at Carbon MFB
Verified user of Wazuh
Oct 30, 2024
Product version discussed: 4.9
Enhances security visibility with proactive incident response features

Pros

"The most valuable feature of Wazuh is its EDR capabilities. "

Cons

"So far, the recent updates have addressed most challenges we previously faced."

What is our primary use case?

We use Wazuh for our Security Information and Event Management (SIEM) needs. It serves as a log aggregator and provides us the capability to monitor our servers for brute force attacks and other security threats. 

We use Wazuh's vulnerability management dashboard to scan our servers for vulnerabilities and ensure compliance with standards such as HIPAA and PCI DSS.

How has it helped my organization?

Wazuh has enhanced our security posture by providing visibility into our environment and enabling proactivity in incident response. It alerts us to any discrepancies in the environment, allowing us to respond swiftly. 

Additionally, it supports features like active response, blocking potential intrusions automatically.

*Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Read full review (509 words)
PubuduWijerathne - PeerSpot user
Systems Administration Engineer at 5G Networks Ltd
Verified user of Wazuh
Jul 30, 2024
Enables us to monitor server changes like password changes and account privilege changes

Pros

"Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories. Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports."

Cons

"I want more support for regional compliance standards to serve my ANZ region customers better."

What is our primary use case?

We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers. 

My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.

What is most valuable?

Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.

Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.

*Disclosure: My company has a business relationship with this vendor other than being a customer. msp
Read full review (565 words)