Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.
Wazuh has many valuable features including easy integration with other SOC tools, active response, endpoint security monitoring, malware detection, inventory, detection of hidden processes, and cloud security. In addition, it can collect terabytes of data quickly, it's open-source and free to use, and provides vulnerability assessment and scoring.
The customizable log configuration is also appreciated, as are its dashboard and reporting, flexibility for cloud and on-premises use, syscheck, file integrity monitoring, integration with AWS cloud-native services, and support for PCI DSS compliance. It can integrate with various operating systems and applications. Its ELK-based investigation, log monitoring, and analysis tools are also highly regarded.
It also has built-in frameworks for compliance with industry standards.
Wazuh's configuration and integration capabilities could be improved, specifically with cloud applications. Scalability and false positives are also areas that need attention. Some users have experienced technical issues with the rules and agent upgrades. The solution is noted as resource-intensive and lacking security features, such as threat intelligence and vulnerability assessment plug-ins. Unix systems also pose a challenge for real-time monitoring.
Some users find Wazuh less user-friendly than other products and would like to see more built-in use cases.
Users have not commented on ROI to any great extent. Wazuh does offer an MSP program with partnership offerings and related services.
Wazuh is an open-source solution that is free to use, with no licensing fees. However, there may be additional costs for Elasticsearch and log storage. The pricing is reasonable compared to competitors, and support can be purchased.
Wazuh is used for endpoint detection and response, monitoring changes on endpoints, inventory, logging activity, malware detection, and monitoring cloud and infrastructure. Additional use cases include compliance, checking for security events, incident management, log management, log aggregation, and file integrity monitoring.
The customer service and support of Wazuh have received mixed feedback.
The initial setup for Wazuh varies in complexity depending on the size and customization of the deployment. Some users found it easy to deploy, while others required support and weeks of work. The length of time for setup depends on the number of endpoint machines and the level of customization. The documentation is noted as good, as is compatibility with different operating systems.
Reviews indicate that Wazuh is a scalable solution. There are some limitations in certain sectors, and deployment can be difficult. While it is stable, it may not be suitable for deep data analysis or handling large amounts of information. Some reviewers mention using other tools, such as Splunk, for workloads with heavier resource demands. While Wazuh works well in a clustered environment and is cluster-aware, it is not always easy to scale up, and the sources of events and traffic must be considered.
The stability of Wazuh is generally rated positively. Most users have not faced any issues and consider it to be a reliable solution. A few have reported minor glitches or issues with bugs in the configuration and others have noted that the frequent updates and implementation of new features can cause some instability.
It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users to navigate through security alerts via a data visualization tool.
Wazuh Capabilities
Some of Wazuh’s most notable capabilities include:
Wazuh Benefits
Some of the most valued benefits of Wazuh include:
Wazuh Offers
Reviews From Real Users
"It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions." - Robert C., IT Security Consultant at Microlan Kenya Limited
"The MITRE ATT&CK correlation is most valuable." - Chief Information Security Officer at a financial services firm