2021-06-04T15:55:56Z

What needs improvement with Wazuh?

Please share with the community what you think needs improvement with Wazuh.

What are its weaknesses? What would you like to see changed in a future version?

Julia Miller - PeerSpot reviewer
Community Director at PeerSpot
  • 0
  • 275
17
PeerSpot user
17 Answers
Youssef EL AZZOUZI - PeerSpot reviewer
Intern Master in Cybersecurity and Cybercrime at Université Abdelmalek Essaâdi
Real User
Top 5Leaderboard
2023-05-09T09:15:00Z
May 9, 2023

The solution's configuration could be faster.

Search for a product comparison
Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited
Real User
Top 5Leaderboard
2023-04-12T11:44:43Z
Apr 12, 2023

I don't have any notes for new features. When it comes to interfacing with some other applications, it could be better. It could have better integration capabilities. They need to go towards integrating with more cloud applications and not just OS like Windows and Linux.

AKASH MAJUMDER - PeerSpot reviewer
SOC Analyst at Ovelosec
Real User
Top 10
2023-03-20T08:29:16Z
Mar 20, 2023

One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies. In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system.

Rizwan-Alam - PeerSpot reviewer
Head Information Security at Akhtar Fuiou Technologies
Real User
Top 5
2023-02-28T09:06:08Z
Feb 28, 2023

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.

ShubhamKumar - PeerSpot reviewer
Project Lead at a tech services company with 51-200 employees
Real User
Top 10
2023-01-12T13:30:00Z
Jan 12, 2023

When the agents are not upgraded in comparison to the server they start behaving unknowingly. Some modules will be working, some modules will not be working. It would be great if there could be customization for the decoder portion.

Vijay Muddu - PeerSpot reviewer
Server Administrator at Vivaconnect
Real User
Top 5
2022-10-28T12:40:06Z
Oct 28, 2022

The scalability of this solution could be improved.

Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
706,775 professionals have used our research since 2012.
SHEERAZ AHMED - PeerSpot reviewer
Managing Director at SharpTel
Real User
Top 10
2022-09-28T13:24:16Z
Sep 28, 2022

The computing resources are consuming and do not make sense. It should be lighter in terms of memory, CPU, and computing. There is a direct need for improvisation for any user, and it should be lighter than the current version. In the next release, they should include secure mobile app integration.

CG
Principal Architect at Calsoft
Real User
Top 5
2022-09-10T14:06:19Z
Sep 10, 2022

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc. Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

Maikel Richard Villar Rodriguez - PeerSpot reviewer
Cybersecurity supervisior at Optical Network
Real User
Top 20
2022-08-30T23:26:05Z
Aug 30, 2022

Wazuh needs more security features, particularly visualization features and a health monitor. In the next release, it should be easier to see the origin of events when connected to a firewall or switch. I would also like more integration with XDR and cloud-based formats like the GCO log testing system or Huawei.

Vikrant Puranik - PeerSpot reviewer
Manager Cloud Security Operations at TraceLink, Inc.
Real User
Top 10
2022-08-01T13:01:54Z
Aug 1, 2022

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates. I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions.

Dr. Sushan Banerjee - PeerSpot reviewer
GISO - Global Information Security Officer at Beyon Connect
Real User
Top 5Leaderboard
2022-07-10T15:39:18Z
Jul 10, 2022

It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism.

Wajih Ul Hasan - PeerSpot reviewer
Cyber Security Engineer at Digit Labs
Real User
Top 10
2022-05-11T16:04:00Z
May 11, 2022

Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions. We found a workaround by reducing the frequency, so it would give us some sort of real-time monitoring.

GS
Vice President Information Technology and Security at a comms service provider with 201-500 employees
Real User
Top 20
2022-04-08T20:34:00Z
Apr 8, 2022

There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded.

RS
Tech Lead Security at a comms service provider with 51-200 employees
Real User
Top 5Leaderboard
2022-03-16T20:33:57Z
Mar 16, 2022

Wazuh could improve the detection, it is not detecting all of the attacks. Additionally, it is lacking features compared to other solutions.

JK
CBO at a security firm with 11-50 employees
Reseller
Top 5
2022-02-17T11:03:00Z
Feb 17, 2022

I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions.

Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited
Real User
Top 5Leaderboard
2021-10-28T15:16:16Z
Oct 28, 2021

Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh. It's hard to really go into what Wazuh should add. If we call for Wazuh to improve one thing, then many things have to be improved. So if Wazuh's primary purpose is to cover the logs, then we can't really keep asking them to cover endpoints as well. And Wazuh doesn't have threat intelligence, to my knowledge. It can integrate with other sources of threat intel, but I haven't seen a native threat intel platform. Many people subscribe to Splunk for this platform. You can integrate threat intelligence from other solutions, but I haven't seen this feature in Wazuh.

SP
Chief Information Security Officer at a financial services firm with 501-1,000 employees
Real User
Top 20
2021-06-04T15:55:56Z
Jun 4, 2021

Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.

Related Questions
UT
User at M2P Fintech
Jan 16, 2023
Hi peers,  I work at a medium-sized financial services firm. I am currently researching SIEM solutions and would like to understand the difference between SIEM and Next-Gen SIEM solutions. In addition, I would like to know what are the differences between Gurucul and Wazuh. Thank you for your help.
See 2 answers
Jan 14, 2023
"SIEM" and "Next-Gen SIEM" are often used in marketing and may not have a clear definition. Each vendor may have their own interpretation of these terms. The main difference between SIEM and Next-Gen SIEM (often called XDR) is the responsibility for creating security detections. Next-Gen solutions typically offer more pre-built detections and require less maintenance compared to traditional SIEMs, which primarily focus on collecting log data.   Comparing Gurucul and Wazuh, some key differences between the two include: Wazuh is open-source, while Gurucul's SIEM solution is proprietary. Wazuh focuses on providing detailed visibility and control over an organization's endpoint security, whereas Gurucul's SIEM solution provides a broader range of security features such as threat intelligence, user behavior analytics, and incident response.
SiddhantMishra - PeerSpot reviewer
Cyber Security Consultant at DNIF
Jan 16, 2023
SIEM (Security Information and Event Management) is a security management system that uses software to collect, store, and analyze security-related data from various sources. It provides a centralized view of the security posture of an organization by correlating events from different sources, such as network devices, servers, and applications. Next-gen SIEM solutions, also known as "modern" or "advanced" SIEMs, build on the basic functionality of traditional SIEMs by adding new capabilities such as: - Machine learning and artificial intelligence to improve threat detection and reduce false positives - Cloud-based deployment for greater scalability and flexibility - Integration with other security tools such as endpoint protection and vulnerability management - Automated incident response and threat hunting - Greater visibility into modern technologies such as cloud environments and IoT devices. In summary, Next-gen SIEMs offer more advanced analytics, automation, and improved scalability, to help with detecting and responding to cyber threats in real time. Wazuh is an open-source security platform that provides an integrated solution for threat detection, incident response, and compliance. It is built on top of Elastic Stack and provides an agent-based architecture for data collection and centralized management. Wazuh focuses on providing endpoint security by monitoring and alerting system activity, file integrity, and vulnerabilities. Gurucul, on the other hand, is a security analytics platform that uses machine learning and behavioral analytics to detect and respond to cyber threats in real time. It also provides a centralized view of security-related data and can integrate with a variety of security tools. Gurucul focuses on providing user and entity behavior analytics (UEBA) and fraud detection, it can identify anomalies and suspicious activities in an organization's network, applications, and user behavior. In summary, Wazuh is an open source endpoint security platform, while Gurucul is a security analytics platform that uses machine learning and behavioral analytics to detect and respond to cyber threats in real time.
Julia Miller - PeerSpot reviewer
Community Director at PeerSpot
May 9, 2023
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 14 answers
Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited
Oct 28, 2021
Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk.
JK
CBO at a security firm with 11-50 employees
Feb 17, 2022
This is a very price sensitive product.
Explore this product
Download Free Report
Download our free Wazuh Report and get advice and tips from experienced pros sharing their opinions. Updated: May 2023.
DOWNLOAD NOW
706,775 professionals have used our research since 2012.