Try our new research platform with insights from 80,000+ expert users
Wazuh Logo

Wazuh Reviews

Vendor: Wazuh
3.7 out of 5
Badge Ranked 1
Leave a review

What is Wazuh?

Get the Wazuh Buyer's Guide and find out what your peers are saying about Wazuh, CrowdStrike Falcon, Datadog and more!
Wazuh is the #1 ranked solution in Log Management Software, #2 ranked solution in top Security Information and Event Management (SIEM) solutions, and #4 ranked solution in XDR Security products. PeerSpot users give Wazuh an average rating of 7.4 out of 10. Wazuh is most commonly compared to CrowdStrike Falcon: Wazuh vs CrowdStrike Falcon. Wazuh is popular among the large enterprise segment, accounting for 45% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 14% of all views.
Buyer's Guide
Wazuh
December 2025
Get the report
Helped 879,310 peers since 2012

Featured Wazuh reviews

Read more reviews

Wazuh mindshare

Product category:
Security Information and Event Manage...
As of December 2025, the mindshare of Wazuh in the Security Information and Event Management (SIEM) category stands at 8.3%, down from 15.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Wazuh8.3%
Splunk Enterprise Security8.0%
IBM Security QRadar6.0%
Other77.7%
Security Information and Event Management (SIEM)

PeerResearch reports based on Wazuh reviews

TypeTitleDate
CategorySecurity Information and Event Management (SIEM)Dec 30, 2025Download
ProductReviews, tips, and advice from real usersDec 30, 2025Download
ComparisonWazuh vs Splunk Enterprise SecurityDec 30, 2025Download
ComparisonWazuh vs Microsoft SentinelDec 30, 2025Download
ComparisonWazuh vs IBM Security QRadarDec 30, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.33.6%97%136 interviewsAdd to research
Datadog4.3N/A97%209 interviewsAdd to research
 
 
Key learnings from peers
Last updated Dec 28, 2025

Valuable Features

Wazuh's most valued attributes include MITRE ATT&CK correlation, seamless integration with environments, effective SIEM features, ELK for investigations, PCI DSS compliance, cloud-native infrastructure, monitoring, vulnerability assessment, active response, and scalability. Users appreciate open-source accessibility, ease of deployment, comprehensive compliance capabilities, customizable dashboards, and robust documentation. Wazuh excels in threat hunting, CVE management, intrusion detection, and enhancing endpoint security. Community support and cost-effectiveness enhance its appeal for many organizations.

  • "When we talk about functionality, the most valuable feature or function I have found in Wazuh is Wazuh EDR agent with EDR capabilities."
  • "I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."
  • "Overall, I rate Wazuh a nine out of ten."

Room for Improvement

Wazuh's interface is not user-friendly, requiring manual configuration for alerts and monitoring. Threat intelligence and AI capabilities are lacking, limiting proactive security measures. Scalability and deployment complexity present challenges, especially for large enterprises. Integration with enterprise solutions and support for various log sources needs enhancement. The system can be resource-intensive, with issues in handling large amounts of data efficiently. Improvement in reporting, particularly for executive levels, is also suggested.
  • "However, in the long term, if you want to build a SOC center on Wazuh, I do not recommend it because it's not stable."
  • "Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time."
  • "When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results."

ROI

Wazuh provides significant cost savings by reducing licensing expenses and total security costs for small and medium enterprises. Users report substantial improvements in detection and response times, cutting detection from three months to an hour and response from 30 days to two days. Organizations appreciate the cost efficiency compared to other market options. There's also financial advantage through reducing lump sum payments while maintaining effective security systems without needing proprietary EDR solutions.

Pricing

Wazuh offers an open-source solution, making it free to use without licensing costs, appealing to organizations with tight budgets. Although setting up Wazuh may involve time and effort, additional expenses are primarily related to support and infrastructure. Support can cost around $1,000 annually, while log storage may range from $20,000 to $30,000 per year. Users rate its pricing as competitive compared to alternatives like ELK Stack. Managed cloud hosting requires separate licensing fees.
  • "The product price is neither too high nor too low."
  • "Wazuh is an open-source tool."
  • "Wazuh is a cheaply priced product."

Popular Use Cases

Wazuh is primarily used for security information and event management, log aggregation, vulnerability detection, and regulatory compliance. Organizations utilize it for monitoring infrastructure and endpoints, correlating logs to detect anomalies, and managing cybersecurity threats. It supports financial, healthcare, and telecommunication sectors with features like endpoint detection, compliance checks, threat hunting, and file integrity monitoring. Deployed in cloud and on-premise environments, it integrates with various platforms for enhanced security and cost-effective solutions.

Service and Support

Wazuh's customer service is rated highly, with many users expressing satisfaction through community forums, online documentation, and technical support. While some experience issues due to time zone differences or lack of direct access, others find community channels helpful. Open-source users rely on forums as paid support is not mandatory. Technical support is often rated around eight out of ten, with some suggesting room for improvement in response times and accessibility.

Deployment

Users' experiences with Wazuh's initial setup vary. While many find it straightforward with good documentation, particularly on-premises, some encounter challenges with integrations and configurations. A few describe it as complex, requiring skilled personnel and longer deployment times, especially for larger or customized environments. Cloud platforms tend to simplify the process. Feedback suggests differing levels of difficulty depending on the team's expertise, with timelines ranging from hours to weeks.

Scalability

Wazuh is considered scalable by many users, though some note challenges with deployment and configuration. It can accommodate many endpoints and is suitable for small to medium-sized businesses. Users mention that technical expertise is needed for setup. While Wazuh handles scaling effectively in clustered environments, some find limitations in handling extensive data and see room for improvement. Ratings for Wazuh's scalability range between six and ten.

Stability

Wazuh stability is generally rated between six to nine out of ten. Many users report it as stable, but some encounter issues due to frequent updates and maintenance lapses. Minor glitches and configuration errors occasionally arise. When maintained well, it performs reliably, yet improper upkeep can affect operation. Stability concerns often involve storage and log retention. Despite these issues, many find it a robust option, especially for small to mid-level organizations.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Wazuh Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business23
Midsize Enterprise12
Large Enterprise8
By reviewers
By visitors reading reviews
Company SizeCount
Small Business1897
Midsize Enterprise1069
Large Enterprise2402
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
14%
Comms Service Provider
10%
University
8%
Manufacturing Company
7%
Educational Organization
7%
Government
6%
Financial Services Firm
6%
Retailer
5%
Healthcare Company
4%
Media Company
3%
Outsourcing Company
3%
Construction Company
3%
Hospitality Company
3%
Real Estate/Law Firm
3%
Non Profit
2%
Energy/Utilities Company
2%
Insurance Company
2%
Transportation Company
1%
Legal Firm
1%
Wholesaler/Distributor
1%
Performing Arts
1%
Recreational Facilities/Services Company
1%
Consumer Goods Company
1%
Aerospace/Defense Firm
1%
Pharma/Biotech Company
1%

Compare Wazuh with alternative products

Go!

Learn more about Wazuh

Wazuh offers an open-source platform designed for seamless integration into diverse environments, making it ideal for enhancing security infrastructure. Its features include log monitoring, compliance support, and real-time threat detection, providing effective cybersecurity management.

Wazuh stands out for its ability to integrate easily with Kubernetes, cloud-native infrastructures, and various SIEM platforms like ELK. It features robust MITRE ATT&CK correlation, comprehensive log monitoring capabilities, and detailed reporting dashboards. Users benefit from its file integrity monitoring and endpoint detection and response (EDR) capabilities, which streamline compliance and vulnerability assessments. While appreciated for its customization and easy deployment, room for improvement exists in scalability, particularly in the free version, and in areas such as threat intelligence integration, cloud integration, and container security. The platform is acknowledged for its strong documentation and technical support.

What are the key features of Wazuh?
  • MITRE ATT&CK Correlation: Streamlines threat analysis by correlating security data with known attack patterns.
  • Log Monitoring: Provides continuous oversight of log data to enhance security insights.
  • SIEM and ELK Integration: Simplifies centralization of security events and analytics.
  • Kubernetes Support: Ensures security measures align with containerized environments.
  • File Integrity Monitoring: Alerts on unauthorized changes to critical files.
  • Endpoint Detection and Response: Identifies and mitigates endpoint threats efficiently.
  • Compliance and Benchmarking: Built-in rules assist in meeting regulatory standards.
What benefits and ROI should users look for?
  • Cost-Effectiveness: Offers an affordable open-source security solution tailored for extensive customization.
  • Customization: Users can adjust features to fit unique security requirements.
  • Scalability: Facilitates growth by adapting to expanding security needs.
  • Comprehensive Support: Backed by detailed documentation and technical expertise.
  • Regulatory Compliance: Helps maintain adherence to industry-specific regulations.

In industries like finance, healthcare, and technology, Wazuh is utilized for its capabilities in log aggregation, threat detection, and vulnerability management. Companies often implement its features to ensure compliance with stringent regulations and to enhance security practices across cloud environments. By leveraging its integration capabilities, organizations can achieve unified security management, ensuring comprehensive protection of their digital assets.

Wazuh was previously known as Wazuh All-In-One Deployment.

Related articles

Julia Miller - PeerSpot reviewer
Julia Miller
Community Director at PeerSpot
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Read more

Related questions

  • 439
What is the difference between SIEM and Next-Gen SIEM solutions?
  • 130
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 70
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 76
What are the main differences between Nessus and Arcsight?
  • 55
What's The Best Way to Trial SIEM Solutions?
  • 118
Which is the best SIEM solution for a government organization?
  • 569
What is the difference between IT event correlation and aggregation?
  • 59
What Is SIEM Used For?
  • 48
RSA-EMC vs. other SIEM products?
  • 252
What Questions Should I Ask Before Buying SIEM?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
SentinelOne Singularity Complete vs Wazuh Logo
SentinelOne Singularity Complete vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Cribl vs Wazuh Logo
Cribl vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Elastic Observability vs Wazuh Logo
Elastic Observability vs Wazuh
See all alternatives
 
Wazuh Reviews Summary
Author infoRatingReview Summary
Engineer - Information Security at N-Able (Pvt) Ltd4.5I prefer Wazuh over Forti due to its better pricing, flexibility, documentation, and dashboard performance, though it lacks AI and user behavior features. Both are stable, but Wazuh's simplicity and community support stand out for me.
Security Consultant at ebenezer.okoh@agorasecurity.it4.5I use Wazuh for daily security operations focused on threat hunting and intrusion detection. The system integrates well with our firewalls. I see room for improvement with AI integration, but overall, it provides cost-effective security solutions.
Cyber Security Software Engineer at a tech services company with 11-50 employees4.0I use Wazuh as a versatile open-source SIEM platform, benefiting from its customizability and cost-saving advantages. Though documentation is comprehensive, improvements are needed in uniformity and developer-friendliness. The platform effectively integrates third-party services and ranks highly for its capabilities.
Tech Lead at a tech vendor with 51-200 employees3.5I've used Wazuh for two years in compromise assessments due to its strong EDR agent capabilities, though I don't recommend it for long-term SOC use because of stability and log retention issues despite easy setup and good visibility.
Security Operations Center Analyst at mailbox.org4.0I use Wazuh as a highly customizable open-source SIEM solution that effectively addresses various client issues. Its valuable CVE helper feature is beneficial, though it requires labor-intensive maintenance due to limited AI integration, needing constant code input.
Student at Dakota State University3.0I am evaluating Wazuh for file monitoring and compliance reporting. Its valuable features include cost-effective alerts and compliance tools, although improvements are needed with rule tags. Wazuh offers potential ROI compared to previous market solutions, especially for small to medium businesses.
Software Engineer at i2c Inc.4.0I use Wazuh in my company mainly as a SIEM and XDR tool. Its most valuable features include SIEM modules, vulnerability detection, and compliance frameworks. However, it lacks AI and ML capabilities and is costly for our infrastructure and log ingestion.
Tech Lead at a tech vendor with 201-500 employees3.5We integrated Wazuh with Google Cloud for data collection and anomaly detection, valuing its MITRE framework mapping. While support and integration need improvement, Wazuh offers a significant ROI by reducing detection and response times compared to previous manual audits.