Wazuh Reviews

I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security. 

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows Linux and the firewalls are also integrated with Wazuh. 

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.  

I've been using this solution for four years. 

The solution is stable. 

The solution is highly scalable but from a deployment perspective, it's quite difficult. We have five internal users and around 200 agents using the solution. 

I haven't used the customer support because I'm using the open source version. 

The initial setup can be complex. It's not a smooth process and I need an expert system engineer to deploy it in a clustered environment. 

There's no licensing fee because we're using the open-source version. 

I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10. 

It is a basic level requirement for the compliance factor. There is regulatory compliance by the regulator called CDDISR, and we need to ensure that all the network's critical components send the logs. Wazuh allows us to complete forensic tasks to track any attacks.

The reporting and attractive dashboard are the most valuable features. We used Splunk, but it was a bit expensive. On the other hand, Wazuh has very flexible and robust features.

The computing resources are consuming and do not make sense. It should be lighter in terms of memory, CPU, and computing. There is a direct need for improvisation for any user, and it should be lighter than the current version. In the next release, they should include secure mobile app integration.

We have been using this solution for almost three months. It is deployed on-premises by our vendor.

It is a stable solution, and the performance is good.

It is scalable and does not require adding further devices. The number of devices that we already have are listed there. The basic use case is the compliance factor, and there's no additional need. However, if we start doing more extensive logging, we might need Splunk because Wazuh has some limitations in consuming heavier resources. Splunk is the best for large data computing and big data.

The vendor provides support, but we haven't approached them for support yet.

We hired a third-party company for the setup, and they took considerable time to complete it. They were not experts, and it took them about a week. It should have taken only about three days. I rate the setup an eight out of ten. After setup, it does not require any additional maintenance.

We paid a lump sum as managed services, so the operator charges an amount for a year using a complete compliance system. The complete compliance system is just one component, so we are not being charged separately for the suite. This means we have the luxury of using it as a combo deal.

I rate this solution an eight out of ten. Regarding advice, if anyone is going for Wazuh, they have to understand their buying compute if they're going on cloud. They should ideally evaluate the Apple-to-Apple comparison between the products in terms of how computing-intensive the product is. So if Wazuh is inefficient in computing, it should be option two. They should identify any other product which has efficient computing capabilities. There should also be a skilled resource available as an implementation partner.

I use Wazuh as an open-source solution for SIEM and file integrity monitoring. I have conducted a few POCs in the bank sectors, as well as demos specifically regarding SIEM. 

In Pakistan, we have a state bank that controls the regularities. The banking sector wants to save money and is only interested in compliance. Our company helps them with this. Wazuh is used for file integrity monitoring on Unix, Linux, and Windows systems.

Wazuh is available on the cloud, however,  it depends on the customer. I work with the financial sector, which does not want its data to be on a public or private cloud.

I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems. 

There are three other features I find valuable. First, Wazuh helped me harden the appliances. Second, Wazuh gives me the opportunity to check the hardness through the CIS benchmarks and the other controls, such as Windows auditing policies. On the other hand, I have found it to be more useful for the PCI DSS compliance as it gives a very clear view regarding the benchmark of the PCI DSS. Last, Wazuh is most famous for the SIEM. The solution gives integrity monitoring for the specific file and updates on the real-time monitoring if the hashes change.

Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions. 

We found a workaround by reducing the frequency, so it would give us some sort of real-time monitoring.

I have been using Wazuh for four months. 

Wazuh is stable, however, at the start, I did face many difficulties managing the solution. We have a private lab in our office and the server is turned down each day. At the start of the next day, I would face an issue with our Elasticsearch not completely being loaded and the Kibana not loaded.

The solution is quite scalable. 

The initial setup of Wazuh is straightforward. I was able to implement this by following the documentation. I downloaded the CentOS OS appliance, which takes a few minutes, and then another ten to twenty minutes to upload and give it the IP address and network. It takes only one integrator like me to deploy everything.

Implementation of Wazuh depends on the organization, specifically, if the organization is on Azure Active Directory, or if it's just a normal Active Directory. 

When I implement the solution, I will never go on the agent-based implementation, I will do centralized implementation which is provided by Wazuh. Using the create agent part, I have a power shell script for Windows or a different script for either Linux or Unix. 

I give the script to the administrator and request them to push it directly on the systems, so within a few seconds I can see on the Wazuh dashboards that the agents are active. This allows me to manage them through centralized groups. It would not be recommended to push every script and change every file on the final device.

Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year.

My advice to someone considering Wazuh would depend on if they are using the open-source solution or not. If they are using open-source, I recommend that they purchase the support from Wazuh. Be prepared to be patient and wait for the services to be completely up. Once it is up, you are free to use it.

I would rate this solution an eight out of ten.

The solution can be used for monitoring changes on the endpoint of machines. It focuses mostly on endpoints and the dangers that may come through. 

They are very good for endpoint security monitoring. 

Windows machine monitoring is good. It's very easy to track threats. 

It's very capable of finding even low-level threats on endpoint machines.

If they support a solution, it is easy to do an integration.

The solution is stable and reliable.

It can scale.

There is lots of good documentation.

The setup is easy.

I don't have any notes for new features. 

When it comes to interfacing with some other applications, it could be better. It could have better integration capabilities. They need to go towards integrating with more cloud applications and not just OS like Windows and Linux. 

I've been using the solution for seven years. 

The solution is stable and reliable. There were no bugs or glitches when I used it. I haven't used it for a while. However, I never had trouble, and we had very minimal issues. 

The solution is very scalable. It can extend well. That said, it is not a solution for banks. There could be some limitations in different sectors. 

We primarily use the solution ourselves within our own teams. 

I've never contacted technical support. Most of the documentation is helpful, and that helps me avoid reaching out. 

I stopped using Wazuh for a while. I'm not a regular user, and I am changing companies. I may be using a new product.

The solution is pretty straightforward. All solutions of this nature have a very similar setup. The length of time depends on the number of endpoint machines. 

I can often do the setup by myself. However, I sometimes ask the network engineers for support. That said, doing the installation itself only really takes one person. 

I can do the initial setup by myself. 

It's a good solution for SMEs. It may not be ideal for enterprise-level companies. 

I'd rate the solution eight out of ten. 

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.

We are using Wazuh for security information and event management, PCI DSS compliance, auditing, real-time sensitive monitoring, and meeting regulatory requirements.

There were certain tasks we couldn't carry out before. However, with Wazuh, we found a solution within a single platform. It only required a one-time effort to set up and configure the version. After that, it's just about monitoring the alerts and making revisions. No additional efforts are needed.

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection.

There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. 

In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. 

If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

We have been working with Wazuh for the last year. We currently use the latest version.

Sometimes, it has disturbances, but at the end of the day, it's not Wazuh but, actually, the configurations that engineers do sometimes do not have compatibility. So at that time, we face issues, but as of now, Wazuh has not disappointed us in any way.

It is scalable. We can add a new machine or server, install the components, and inform the other components about its IP address. We add it to the cluster, and a restart of the cluster is all that's needed to integrate the new component.

While there are many people involved, only three or four security engineers manage and oversee the events collected and provided by Wazuh.

We used Splunk primarily for log management purposes. There were no extra security modules or playbooks involved. We indexed the logs, built dashboards, generated reports, and set up alerts. That was the extent of our usage, without any additional security features.

The initial setup was not complex. We had prior experience with Elastic and Elk, so the deployment of Wazuh was quite familiar to us. It wasn't a major challenge.

However, we do need maintenance as we need to upgrade the version periodically. During maintenance, we have to switch off all the endpoints, turn off all the components, and then power off one by one to upgrade them to the latest version. This is done during a maintenance window.

One or two engineers are usually enough to handle the maintenance tasks.

In terms of the deployment plan, if we exclude the endpoints (monitored servers), we have multiple nodes for each component: indexer, manager, and dashboard. We also implemented an NGINX-based load balancer, following the documentation provided by Wazuh on configuring NGINX as a load balancer. This helps in load disturbance and redundancy, so we don't have a single point of failure when any server goes down.

The deployment process took approximately one to two weeks to fully test and deploy the system. We had to spend time on research and development to properly configure everything. The resources mainly involved Linux servers. There were not many additional resources involved beyond that.

We evaluated LogRhythm, which is an excellent intelligence-based tool. However, it comes with a high cost for the intelligence features. Wazuh lacks AI or machine learning capabilities, but otherwise, it has all the necessary capabilities for a similar solution.

I would advise you to carefully follow the documentation. It is straightforward and to the point. If any issues arise, the Wazuh Slack community is highly active and responsive. They can provide assistance within 24 hours or even less, helping with any deployment or management challenges.

Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors. Unlike some paid tools, Wazuh is extensive and extendible and allows integration with open-source tools and scripts. It is flexible, reliable, and open-source, which is its biggest advantage. 

Overall, it is a good solution. I would rate the solution a nine out of ten. Considering that Wazuh is open source and free of cost while providing all the necessary features, I would rate it nine or ten. I lean towards ten because it offers a comprehensive solution without any financial burden. However, compared to industry leaders like LogRhythm and Splunk, which have machine learning modules, Wazuh lacks in that aspect. So, overall, I would rate it nine, but because of its cost-effectiveness, it deserves a ten.

We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. It is open-source nature, which allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.

I have been using Wazuh as an end user since 2023.

The product is stable.

The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.

I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.

The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.

The product is an open-source platform.

Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.

The solution’s maintenance is easy.

Overall, I rate the solution an eight out of ten.

We use Wazuh for PCI compliance monitoring. It can detect whether a server or PCA node is PCI compliant.

Wazuh is simple to use for PCI compliance.

Some features, like alerting, are complex with Wazuh. Setting up alerts and triggers can be difficult, and the interface could be better. Compared to other platforms, such as New Relic, Wazuh's UI could be improved. New Relic has a similar interface, but the UI updates have made it a better product.

We have certain requirements regarding monitoring and whether Wazuh is completely compliant with them. It would be helpful to know if Wazuh is a complete solution for log monitoring, including the requirements of PCA and other security aspects.

I have been using Wazuh for a couple of months. We are using the latest version of the solution.

While installing some agents, our team faced some issues. However, the stability is otherwise good. I rate the solution's stability a seven out of ten.

The solution is scalable. We've three to five users using this solution. I rate the solution's scalability a seven or eight out of ten.

Wazuh provided good support for whatever usage or issues we were facing. They were ready to support us at any point.

We have used ELK before, but it was not a complete solution for our needs. We needed to integrate it with other solutions. Wazuh seemed a more comprehensive solution, especially compared to other providers. We also tried products from a local company, but their service was not as good as Wazuh. It is also an established company. We decided to use Wazuh.

The initial setup of Wazuh is simple. The internal person sets up the application and installs the agents. They were able to do it in a day. Both setup and configuration are straightforward.

The solution's pricing is very competitive. I rate the solution's pricing a nine out of ten, where one is expensive and ten is cheap.

Overall, I rate the solution an eight out of ten.