Wazuh Reviews

The primary use case for Wazuh is the detection of malware.

It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.

Improving the abilities related to security threat mapping, such as threat map landscape visualization, would be a great benefit. Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality.

I have been working with it for two years.

I would rate the stability eight out of ten.

I used Azure documentation and report storage, while researching other internet resources to gain a broader perspective on different product capabilities that are available for learning and deployment needs. Wazuh offers excellent features.

When I contacted customer care, they mentioned bundling options, that I found to be overall affordable.

I would recommend this product to other users in the field of cybersecurity. It provides enhanced network security and many useful features. It is easy to use, with a pricing structure that is more affordable compared to other options. I would rate it eight out of ten.

I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security. 

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows Linux and the firewalls are also integrated with Wazuh. 

The rules are very difficult because there are some limitations such as the inability to correlate two events. It should be easy to edit or change, but it can't be done. They are technical issues and I'm assuming they will be fixed over time.  

I've been using this solution for four years. 

The solution is stable. 

The solution is highly scalable but from a deployment perspective, it's quite difficult. We have five internal users and around 200 agents using the solution. 

I haven't used the customer support because I'm using the open source version. 

The initial setup can be complex. It's not a smooth process and I need an expert system engineer to deploy it in a clustered environment. 

There's no licensing fee because we're using the open-source version. 

I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10. 

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

The implementation is very complex.

We are resellers of the product.

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

Our customers get technical support from us. They do not receive support from Wazuh.

We need very skilled staff to implement the tool.

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company. 

So it can detect more than just games. You can customize it to detect specific software. We have a whitelist of approved software, and Wazuh compares it with the software installed on the device. If there are any mismatches, it reports it to us. So, for instance, we can whitelist Facebook, Blackboard, and YouTube.

Since it's an open-source tool, scalability is the main issue. We haven't paid for it, so if we want to scale it, we would need to purchase the enterprise version, which can be quite expensive. So scalability and limited support are the main limitations of the free version.

We started in December, so it has been six months now. We are using the open-source version of Wazuh.

Eight of us in the security team are using Wazuh.

We are not allowed to contact the support team on a one-on-one basis in the free version. However, we can post our queries in the community forum, where other users share their experiences and provide assistance.

The initial setup was pretty straightforward. They provide documentation that guides us through the process.

We are using the cloud version. We have deployed it on GCP (Google Cloud Platform).

So if budget is not an issue, you should consider other options. And if you want to save costs, the open-source or Wazuh enterprise would be suitable.

Wazuh is a good tool, but the open-source version has scalability limitations.

If you have the budget, I would suggest looking into other options. However, if you want to secure your endpoints without significant investment, Wazuh is a good tool. Just keep in mind that it may not scale well beyond a few thousand devices.

I would rate the open-source version as five out of ten.

We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We tried to explore a lot of tools and considering our budget and use cases, this tool matched our requirements.

We have five to seven users and we will be adding more users.

There are two features that stand out. Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work. Second, we can configure the logs per our requirement. 

The scalability of this solution could be improved. 

We have been Wazah for the past month. 

This is a stable solution but we have only tested that for one month. 

Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application. 

We have not reached out to the support team. We have just followed the Wazuh online documentation.

The initial setup is a little bit complex as it takes some time to understand the configurations. 

We started the implementation with the assistance of a consultant but completed it in-house. 

I would definitely recommend Wazuh to those who want a SIEM tool as a central logging system and for log management. You can complete the necessary security audits using this tool and have your security alerts configured if your system is receiving unknown attacks.

Overall, this is a fantastic tool but you will need an expert to assist with configuration. Scaling this solution is also challenging. We have not tested migrating from one server to another. 

I would rate this solution a six out of ten.

Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because of Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. 

Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

The configuration assessment and pile integrity monitoring features are decent.

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation also, so we need better container security, log data analysis, auditing and compliance, malware detection, etc. 

Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

We implemented Wazuh in 2019.

I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The dashboard would be inaccessible due to some service failure or something. 

I rate Wazuh eight out of 10 for scalability.

We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily available online. 

Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months

We deployed Wazuh. 

Wazuh is a free solution. 

We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our vendors We want to move to either Elastic or CrowdStrike.

I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration could be easier.

Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized logging solution.

The second use case is log searching. We wanted a usable integrated search, and Wazuh a good search integrated usable. Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us, and Wazuh is a top open source solution. 

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. 

Scalability is a constraint in the on-prem version of Wazuh in terms of the volume of logs we can manage. There are some minor glitches, but that's part of every tool, and they usually get addressed in subsequent updates.

I would like to see more Kubernetes security and log integrations. That will be one of the good things. Wazuh supports AWS or GCP cloud-native service integration, but it would be great if they added support for Kubernetes security and AWS or Azure-managed Kubernetes solutions. 

We've used Wazuh for two years.

Wazuh is pretty stable. There are no major issues, but sometimes we face minor glitches. It's open source, so we can't expect every bug to be documented. We discover some new issues from time to time, but that's part of using an open-source solution. You pay for a licensed product or you deal with minor problems in open source. 

Wazuh's scalability has room for improvement.

We paid for technical support, but they do have a robust community and Slack channels and all that stuff. You can find most of the answers you need in the community groups or forums. I rate Wazuh support eight out of 10. 

I worked with Splunk, Curator, ArcSight, and some legacy solutions that no longer exist. They became obsolete or transitioned to a different product. Cost-effectiveness was one reason we switched. We had to decide whether to spend $500,000 on a commercial product or rely on our skills to deploy an open-source solution. 

The big difference between Wazuh and other solutions is maturity and customization. Wazuh's scalability and out-of-the-box functionality are slightly lagging behind, but Wazuh has improved a lot since the first time we saw it. Others have more search capabilities, whereas Wazuh depends on Elasticsearch. Searching is a bit slower in Wazuh.

I rate the Wazuh setup experience nine out of 10. The basic setup was straightforward, but our deployment was slightly complex because we did a lot of customization. It took us a week to deploy and fine-tune the initial setups. After deployment, the only maintenance task is rotating particular logs. If we don't rotate it correctly, the log storage runs out and services stop.

Wazuh is open-source, so we didn't have a support person or any professional services to help us. Fortunately, the documentation is excellent, and they have good community support as well.

Wazuh is an open-source solution, so the only expenses are Elasticsearch and log storage costs. Log storage costs no more than $20,000 to $30,000 annually. It's around $3,000 a month. It's all money in the bank. We don't have to spend anything except for resources. 

I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight budget, but you need to have an enterprise-level SIEM deployment.

If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up.