Md Salim Hossain Hossain - PeerSpot reviewer
Cyber Digital Transformation Engineer at OneWorldInfoTech
Real User
Top 10
An open-source platform to integrate various products
Pros and Cons
  • "Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
  • "Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system."

What is our primary use case?

We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

How has it helped my organization?


What is most valuable?

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. Its open-source nature allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

What needs improvement?

I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.

Buyer's Guide
Wazuh
October 2024
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
816,192 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Wazuh as an end user since 2023.

What do I think about the stability of the solution?

The product is stable.

What do I think about the scalability of the solution?

The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.

Which solution did I use previously and why did I switch?

I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.

How was the initial setup?

The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.

What's my experience with pricing, setup cost, and licensing?

The product is an open-source platform.

What other advice do I have?

Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.

The solution’s maintenance is easy.

Overall, I rate the solution an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Haad Fida - PeerSpot reviewer
Software Engineer at 7Vals
Real User
Top 5
An affordable and stable solution that can be used for event monitoring
Pros and Cons
  • "The tool is stable."
  • "The tool doesn't detect anomalies or new environments."

What is our primary use case?

We use the solution for event monitoring.

What is most valuable?

The tool is stable.

What needs improvement?

The rules are hard coded. The tool doesn't detect anomalies or new environments. The product lacks AI features. We have to do a lot of manual searching.

For how long have I used the solution?

I have been using the solution for about eight months.

What do I think about the scalability of the solution?

The tool is scalable for our use cases. Five to ten people use the solution in our organization. We need one administrator to monitor and improve our solution.

How are customer service and support?

We did not contact support. Our company’s security personnel set everything and documented it.

Which solution did I use previously and why did I switch?

We use Elastic Stack for logs.

How was the initial setup?

The deployment was straightforward. It took two to three months. We needed two people for deployment.

What about the implementation team?

We did the deployment in-house with the help of our security personnel and someone from the DevOps team.

What's my experience with pricing, setup cost, and licensing?

The product is cheaper compared to other tools. Depending on the logs, the product costs $200 to $400. We currently have five servers.

Which other solutions did I evaluate?

We evaluated Google Cloud.

What other advice do I have?

When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Vijay Muddu - PeerSpot reviewer
Manager server admin and security at Vivaconnect
Real User
Top 5
Leaderboard
Security monitoring solution that facilitates custom logs and automatically scans for benchmarks but could have improved scalability
Pros and Cons
  • "Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non-patches or any missing patches on that work."
  • "Scalability is a challenge because it is a distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application."

What is our primary use case?

We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We tried to explore a lot of tools and considering our budget and use cases, this tool matched our requirements.

We have five to seven users and we will be adding more users.

What is most valuable?

There are two features that stand out. First, Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non-patches or any missing patches on that work. Second, we can configure the logs per our requirement.

What needs improvement?

The scalability of this solution could be improved. 

For how long have I used the solution?

We have been using Wazuh for the past month.

What do I think about the stability of the solution?

This is a stable solution but we have only tested that for one month. 

What do I think about the scalability of the solution?

Scalability is a challenge because it is a distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application.

How are customer service and support?

We have not reached out to the support team. We have just followed the Wazuh online documentation.

How was the initial setup?

The initial setup is a little bit complex as it takes some time to understand the configurations. 

What about the implementation team?

We started the implementation with the assistance of a consultant but completed it in-house. 

What other advice do I have?

I would definitely recommend Wazuh to those who want a SIEM tool as a central logging system and for log management. You can complete the necessary security audits using this tool and have your security alerts configured if your system is receiving unknown attacks.

Overall, this is a fantastic tool but you will need an expert to assist with configuration. Scaling this solution is also challenging. We have not tested migrating from one server to another. 

I would rate this solution a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Infrastructure at 4 Seniors Brasil
Real User
Top 5
Aggregates all your logs in one place and provides a unified view to monitor
Pros and Cons
  • "It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment."
  • "Wazuh doesn't have native support for some enterprise solutions."

What is our primary use case?

My company specializes in providing SIEM as a service. We leverage Wazuh for that. Since Wazuh is open-source, I hosted it on Azure.

We provide Wazuh as a service to our customers. Currently, we have three clients whose environments are integrated with our Wazuh server on our CRM system. We handle the typical CRM use cases, including security alerts and advisories, and monitor their environments through our Wazuh server.

How has it helped my organization?

It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment. Unlike other solutions, Wazuh is open-source, so you don't need to invest in significant capital expenses. You can easily set up a server on Azure or your infrastructure. While you will need specialized personnel to operate it, this is true for any SIEM solution.

What is most valuable?

One of Wazuh's most significant advantages, aside from being open source, is its flexible dashboards. Integrated with Elasticsearch, Wazuh allows you to create customized dashboards if you have an in-house developer. This level of customization isn’t available with Fortinet, which offers only pre-made dashboards. Wazuh lets you design any dashboard you need.

What needs improvement?

Wazuh doesn't have native support for some enterprise solutions. It requires an agent installed on the server, whether Windows Server or Linux, to collect logs. While you can gather information via SNMP or Splunk logs, this isn't natively supported. Some decoders are available, but they are community-built rather than officially supported. It relies on its community to create these decoders as an open-source platform, so they may not be fully integrated.

What do I think about the stability of the solution?

It's pretty stable. If it's not properly implemented, you don't have stability problems if you follow the documentation and do it as detailed documentation.

What do I think about the scalability of the solution?

Wazuh is highly scalable. You can install it on-premises, in Azure, or using Docker. The architecture allows you to separate the dashboard, index, and node servers.

How are customer service and support?

Wazuh offers technical support, but you need to pay for it. If you are using the open-source solution, you'll need to rely on the extensive documentation and the community itself.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is complicated. You need a specialist in the technology to make good use of it. You can do it on-premises. You can do it on Azure. You can do it on the hybrid cloud as a docker. So it's very flexible.

We use Azure, which we currently use as a single server. We will migrate it to our partner using Azure.

It takes two months to deploy completely.

What was our ROI?

You save on licensing, and you need to invest in people.

What other advice do I have?

When Wazuh is properly implemented, it runs smoothly without causing many problems. However, if it's not set up correctly, you might encounter issues that require weekly maintenance. These can include database and disk issues because, as a VM solution, Wazuh collects a large amount of logging data. Proper implementation prevents these problems, but they can arise if you're unsure how to do it.

Overall, I rate the solution an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Dr. Sushan Banerjee - PeerSpot reviewer
GISO - Global Information Security Officer at Beyon Connect
Real User
A free and open source security monitoring solution with useful cloud-native infrastructure, but it would be better if they had an app with an alerting mechanism
Pros and Cons
  • "I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform."
  • "It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism."

What is our primary use case?

We integrated all of our services and infrastructure in the cloud with Wazuh.

What is most valuable?

I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform.

What needs improvement?

It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism.

For how long have I used the solution?

I have been working with Wazuh for two and a half years.

What do I think about the stability of the solution?

Wazuh is a stable solution.

What do I think about the scalability of the solution?

Wazuh is a scalable solution. We had 18 employees using this solution.

Which solution did I use previously and why did I switch?

We had an AlienVault setup, but it does not support the cloud servers and infrastructure. Wazuh is known for cloud security event management.

How was the initial setup?

It took less than ten days for the integration and to get the complete setup up and running.

What about the implementation team?

Wazuh was implemented by one of my team members, who is a Wazuh expert. This employee did the complete installation and everything else.

What's my experience with pricing, setup cost, and licensing?

Wazuh has a community edition, and I was using that. It's free and open source.

What other advice do I have?

I would tell potential users to review the technical implementation documentation before setting up Wazuh. This is because setting up Wazuh is a little bit tricky for a newbie because they won't be able to understand the technicalities of the solution. Just go through the technical documentation and implementation documentation once before installing Wazuh.

On a scale from one to ten, I would give Wazuh a seven.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chetan_Sharma - PeerSpot reviewer
Linux System Administrator at Amity Software Systems Limited
Reseller
Top 5
Has good scalability but requires an efficient hardware monitoring tool
Pros and Cons
  • "It has efficient SCA capabilities."
  • "There could be a hardware monitoring tool for the solution."

What is our primary use case?

We use the solution for vulnerability metrics, auditing, and detecting SQL injection attacks.

What is most valuable?

The solution's most valuable feature is its SCA capabilities.

What needs improvement?

There could be a hardware monitoring tool for the solution. It helps reduce the cost of utilizing external resources for the same.

For how long have I used the solution?

We have been using the solution for five to six months.

What do I think about the scalability of the solution?

I rate the solution's scalability a ten out of ten. We have enterprise business clients.

How are customer service and support?

We are currently evaluating the cost of the solution's support services.

How was the initial setup?

We have multiple teams using the solution in the virtual environment. It was easy to deploy for a few teams while challenging for others.

What's my experience with pricing, setup cost, and licensing?

I rate the solution's pricing a seven out of ten.

What other advice do I have?

I rate the solution a seven out of ten. There needs to be monitoring for the hardware similar to Zabbix and Nagios solutions.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer:
Vice President Information Technology and Security at a comms service provider with 201-500 employees
Real User
It's open source and useful for compliance, but it isn't user friendly and lacks out-of-the-box functionality
Pros and Cons
  • "My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
  • "There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded."

What is our primary use case?

Wazuh is used for event information and management. We have several events that are of interest, and Wazuh lets our folks know if any of them trigger.

How has it helped my organization?

My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance.

What needs improvement?

There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded. 

For how long have I used the solution?

I've only been with the company since November, but I believe they've been using Wazuh for maybe five years.

What do I think about the stability of the solution?

I haven't had issues with stability.

What do I think about the scalability of the solution?

Wazuh can scale up, but it doesn't scale easily. It's extensively used. We have about 30 people in our company using it. 

How are customer service and support?

Wazuh is an open-source solution, so there isn't any support. We look for answers in the knowledge base and on user forums.  

How was the initial setup?

I wasn't with the company during the initial installation, but Wazuh does require some maintenance. We don't have the resources to take care of it, so it tends to get out of date and require updates. We have an administrator, but maintaining Wazuh is only one of his responsibilities. 

What's my experience with pricing, setup cost, and licensing?

Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful. 

Which other solutions did I evaluate?

There are more advanced and robust offerings out there like QRadar that we should try instead of upgrading to a new version of Wazuh.

What other advice do I have?

I rate Wazuh four out of 10. It can do the job, but you need to invest a lot of time configuring it for your use case.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2590542 - PeerSpot reviewer
Tech Lead at a tech vendor with 201-500 employees
Real User
Improved security visibility but needs better support and integration
Pros and Cons
  • "We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh."
  • "The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively."

What is our primary use case?

Our primary use case was around data collection and anomaly detection. We integrated Wazuh with Google Cloud and other cloud providers to receive alerts and insights if there is any unauthorized data access in the production environment. 

We also monitor virtual machines for any malicious command execution and get notifications for any privilege access attempts. Additionally, we detect anomalies in traffic patterns related to specific client accounts.

How has it helped my organization?

Wazuh has provided us with excellent clarity on data access, allowing us to significantly reduce instances of unnecessary production environment access and improve processes. 

We now have real-time visibility into the production environment on both cloud and critical virtual machines, which was not possible with our previous manual audits.

What is most valuable?

We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh. These components are essential for our security needs.

What needs improvement?

The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively. The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub. Although they offer data fetching from Cloud Bucket as a more economical option, it was not functioning properly.

For how long have I used the solution?

I've used the solution for four months, during which it was effectively deployed in our production environment for approximately 45 days.

What do I think about the stability of the solution?

The stability of Wazuh is strong, with no issues stemming from the solution itself. Any downtime we experienced was due to human error in configuration.

What do I think about the scalability of the solution?

Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate. We found scalability to be decent, as we could easily adjust our infrastructure to handle increased traffic.

How are customer service and support?

We use the open-source version of Wazuh, which does not provide paid support. Although the community is active, it is not highly responsive. Conversion from issue to resolution is average.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before Wazuh, we relied on periodic audits, which were time-consuming and did not provide automated detection of security anomalies.

How was the initial setup?

Initial setup was incredibly simple, requiring only the running of one script for a single node setup. Complexities arose during integration with Kubernetes-based workloads due to insufficient documentation.

What about the implementation team?

We required only two people for both the deployment and ongoing maintenance of Wazuh.

What was our ROI?

The return on investment is visible in reduced mean time to detect from potentially three months to about an hour and mean time to respond from up to thirty days to two days.

What's my experience with pricing, setup cost, and licensing?

We did not incur costs for Wazuh itself, only for the underlying infrastructure such as PubSub, storage, and compute instances, totaling around two lakh Indian rupees per month.

Which other solutions did I evaluate?

We evaluated Google Chronicle and Elastic-based SIEM (ELK SIEM), but Wazuh was the most cost-effective solution, being open-source with necessary compute infrastructure.

What other advice do I have?

Wazuh is well-suited for small to medium-sized organizations seeking better data and security visibility for a reasonable investment. There is a learning curve due to less comprehensive documentation, but it is a beautifully designed solution.

I'd rate the solution seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.