Wazuh Reviews

I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security. 

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows Linux and the firewalls are also integrated with Wazuh. 

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.  

I've been using this solution for four years. 

The solution is stable. 

The solution is highly scalable but from a deployment perspective, it's quite difficult. We have five internal users and around 200 agents using the solution. 

I haven't used the customer support because I'm using the open source version. 

The initial setup can be complex. It's not a smooth process and I need an expert system engineer to deploy it in a clustered environment. 

There's no licensing fee because we're using the open-source version. 

I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10. 

We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers. 

My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.

Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.

Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.

I want more support for regional compliance standards to serve my ANZ region customers better.

I have been using Wazuh for the past three years.

Regarding stability, I would rate it a seven out of ten. It needs improvements, especially compared to products like IBM QRadar and other cloud-based solutions.

I rate the scalability of Wazuh as a four out of ten. While my customers are generally satisfied and do not have highly critical requirements, I see areas for improvement as a technical person.

The technical support for Wazuh's licensed products is decent. Sometimes, there are delayed response and resolution times, which can be frustrating. 

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

Neutral

The initial setup was somewhat challenging for us, especially when we tried to do it independently. We faced some implementation issues but found solutions indicating ongoing product improvements. Sometimes, we face compatibility issues with certain industry products, requiring custom solutions, which can be a bit of a headache. However, we've managed to address these challenges over time. I would rate the setup process a five out of ten.

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

Overall, I would rate Wazuh as seven out of ten.

I use the solution in my company for XDR and SIEM.

The solution's most valuable feature is that its XDR part provides a very good experience compared to other open-source software. Wazuh is also better than the existing XDR apps.

Wazuh needs improvement in terms of AI. All the tools, whether SIEM or other tools, are focused on AI-based areas. Wazuh should plan to integrate with the AI part.

The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh.

Considering the current technology, the entire infra will be changed for quantum computing and security. We need AI, which is drastically evolving. We needed some alignment with the AI-based Wazuh, and I believe it would be a very promising development since it would not be stable otherwise. Splunk has started working on AI-related stuff. Wazuh's XDR is very good.

I have been using Wazuh for three years. My company has a partnership with Wazuh.

The tool is very powerful, without a doubt. It is a stable tool. Wazuh is better than Splunk, and I say so since it is very suitable for small and mid-level businesses with lower data volume. Splunk is the best if we need to deal with a higher volume. I can go ahead with Splunk if it is a higher volume. When it comes to small and middle-level businesses, our organization, Wazuh, which has the lowest data volumes, is the best and most stable tool.

When it comes to scalability, there are two things to consider while scaling up Wazuh's deployment. One is that our server and infra facilities should be aligned properly. Wazuh is a scalable tool. I can say the only drawback is that one requires technical knowledge to set up and configure the tool.

The solution's technical support quality is mid-range. I rate the technical support a seven out of ten.

Neutral

It is easy to install and deploy the tool, but only an experienced person can handle such areas. It means the subject matter expert can handle the tool. It cannot be given to someone randomly as the person needs to have some expertise.

The solution is easy to maintain.

Three people can deploy the solution.

Wazuh has given some timelines for the average deployment, but I must ask my team about it.

The product price is neither too high nor too low. A lot of small players can easily adapt to Wazuh. Many are interested in adopting Wazuh in their own infrastructure.

I would say that Wazuh's threat detection capabilities are effective at around 80 percent.

Regarding compliance and integrity monitoring, I would say that the problem stems from the fact that someone who doesn't know or has any background associated with Wazuh or someone junior in the profession cannot configure the product. An experienced person should configure Wazuh, and then only we can get the settings right because it is mostly a configuration-based tool. There are a lot of things in the configuration-based part. The product offers seamless integration capabilities.

I will have to ask my team members about details related to the operational cost and security incident response time associated with the solution.

My final bottom line recommendation to others is that they should consider whether they are using small volumes, and if so, it means their organization is small or mid-sized and is using very few data volumes for which Wazuh is the best choice instead of Graylog, Splunk or some other tool. We need the expertise to set up and configure the tool properly. Expertise and knowledge should be the key thing if anybody needs to adopt the tool. Others need to consider the tool's readiness for the AI revolution.

I rate the tool an eight out of ten.

Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because of Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. 

Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

The configuration assessment and pile integrity monitoring features are decent.

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc. 

Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

We implemented Wazuh in 2019.

I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The dashboard would be inaccessible due to some service failure or something. 

I rate Wazuh eight out of 10 for scalability.

We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily available online. 

Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months

We deployed Wazuh. 

Wazuh is a free solution. 

We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our vendors We want to move to either Elastic or CrowdStrike.

I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration could be easier.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

The implementation is very complex.

We are resellers of the product.

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

Our customers get technical support from us. They do not receive support from Wazuh.

We need very skilled staff to implement the tool.

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

We are using Wazuh for security information and event management, PCI DSS compliance, auditing, real-time sensitive monitoring, and meeting regulatory requirements.

There were certain tasks we couldn't carry out before. However, with Wazuh, we found a solution within a single platform. It only required a one-time effort to set up and configure the version. After that, it's just about monitoring the alerts and making revisions. No additional efforts are needed.

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection.

There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. 

In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. 

If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

We have been working with Wazuh for the last year. We currently use the latest version.

Sometimes, it has disturbances, but at the end of the day, it's not Wazuh but, actually, the configurations that engineers do sometimes do not have compatibility. So at that time, we face issues, but as of now, Wazuh has not disappointed us in any way.

It is scalable. We can add a new machine or server, install the components, and inform the other components about its IP address. We add it to the cluster, and a restart of the cluster is all that's needed to integrate the new component.

While there are many people involved, only three or four security engineers manage and oversee the events collected and provided by Wazuh.

We used Splunk primarily for log management purposes. There were no extra security modules or playbooks involved. We indexed the logs, built dashboards, generated reports, and set up alerts. That was the extent of our usage, without any additional security features.

The initial setup was not complex. We had prior experience with Elastic and Elk, so the deployment of Wazuh was quite familiar to us. It wasn't a major challenge.

However, we do need maintenance as we need to upgrade the version periodically. During maintenance, we have to switch off all the endpoints, turn off all the components, and then power off one by one to upgrade them to the latest version. This is done during a maintenance window.

One or two engineers are usually enough to handle the maintenance tasks.

In terms of the deployment plan, if we exclude the endpoints (monitored servers), we have multiple nodes for each component: indexer, manager, and dashboard. We also implemented an NGINX-based load balancer, following the documentation provided by Wazuh on configuring NGINX as a load balancer. This helps in load disturbance and redundancy, so we don't have a single point of failure when any server goes down.

The deployment process took approximately one to two weeks to fully test and deploy the system. We had to spend time on research and development to properly configure everything. The resources mainly involved Linux servers. There were not many additional resources involved beyond that.

We evaluated LogRhythm, which is an excellent intelligence-based tool. However, it comes with a high cost for the intelligence features. Wazuh lacks AI or machine learning capabilities, but otherwise, it has all the necessary capabilities for a similar solution.

I would advise you to carefully follow the documentation. It is straightforward and to the point. If any issues arise, the Wazuh Slack community is highly active and responsive. They can provide assistance within 24 hours or even less, helping with any deployment or management challenges.

Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors. Unlike some paid tools, Wazuh is extensive and extendible and allows integration with open-source tools and scripts. It is flexible, reliable, and open-source, which is its biggest advantage. 

Overall, it is a good solution. I would rate the solution a nine out of ten. Considering that Wazuh is open source and free of cost while providing all the necessary features, I would rate it nine or ten. I lean towards ten because it offers a comprehensive solution without any financial burden. However, compared to industry leaders like LogRhythm and Splunk, which have machine learning modules, Wazuh lacks in that aspect. So, overall, I would rate it nine, but because of its cost-effectiveness, it deserves a ten.

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.

My company uses Wazuh in our lab environment, where we have 100 endpoints.

The tool does not provide CTI to monitor darknet. In the future, I want the tool to provide CTI to monitor the darknet so that by creating a single query, I can monitor the darknet.

I have been using Wazuh for a year. I am an end user of the solution.

Stability-wise, I rate the solution a five or six out of ten.

My company has a problem with the stability of the product because we don't have a high-availability architecture. The fact that my company does not have a high availability architecture might be our company's problem.

Around three security operators in my company use the product.

Though I want the use of the product to be increased in the company, the decision to do so lies in the hands of the management.

I have not contacted the tool's support team. If my company contacts the product's support team, it would be easier for our company to deal with the product's areas like deployment and usage. In the upcoming year, I would like to use the commercial tech support offered by the product.

Previously, I have used IBM QRadar, SentinelOne, and Splunk, which were all very expensive products.

My company started to use Wazuh considering its low prices compared to other solutions.

I rate the product's initial setup phase an eight or nine on a scale of one to ten, where one is difficult, and ten is easy. Wazuh is a very simple tool.

The solution is deployed on a private cloud.

It is difficult to comment on how much time is required to deploy the product since there is always a need to add new log sources and integration. The solution can be deployed in a few days so that the testing phase can be carried out.

Wazuh is a cheaply priced product.

The product has been implemented in my company's environment for threat direction straight out of the box through a simple implementation process.

My company uses the product for threat detection and to create and tune playbooks with roles. My company uses the product in our lab environment, so it's not used for production, which makes it easier for us to deal with the tuning part of the product.

The product helps our company's ability to comply with industry standards since we use the CIS benchmark for hardening GDPR compliance.

My company uses the product for event analysis. My company uses Wazuh as a SIEM solution.

My company uses the product for many of our use cases, and we also deal with the configuration part of the tool. My company is trying to tune the product, and it is possible to use it for event analysis with Wazuh. The product is effective in terms of event analysis.

The integration capabilities of the product with other tools, like FortiGate and NetFlow, are good.

More time is required for me to be able to see how the product's scalability can impact our company's environment.

The product is easy to customize. The product provides good setup documentation regarding the language to be used to use the product's customization abilities. The product offers a good level of documentation along with a good online community. On the internet, it is easier to get information about any problem or issue users face with the tool.

I recommend the product be used in a team with fewer members for security operations. The tool can be used if you work in areas like security and administration, where it can be easily used and implemented.

I rate the tool an eight out of ten.