We use the solution for event monitoring.
Software Engineer at a tech services company with 51-200 employees
An affordable and stable solution that can be used for event monitoring
Pros and Cons
- "The tool is stable."
- "The tool doesn't detect anomalies or new environments."
What is our primary use case?
What is most valuable?
The tool is stable.
What needs improvement?
The rules are hard coded. The tool doesn't detect anomalies or new environments. The product lacks AI features. We have to do a lot of manual searching.
For how long have I used the solution?
I have been using the solution for about eight months.
Buyer's Guide
Wazuh
December 2025
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
879,986 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The tool is scalable for our use cases. Five to ten people use the solution in our organization. We need one administrator to monitor and improve our solution.
How are customer service and support?
We did not contact support. Our company’s security personnel set everything and documented it.
Which solution did I use previously and why did I switch?
We use Elastic Stack for logs.
How was the initial setup?
The deployment was straightforward. It took two to three months. We needed two people for deployment.
What about the implementation team?
We did the deployment in-house with the help of our security personnel and someone from the DevOps team.
What's my experience with pricing, setup cost, and licensing?
The product is cheaper compared to other tools. Depending on the logs, the product costs $200 to $400. We currently have five servers.
Which other solutions did I evaluate?
We evaluated Google Cloud.
What other advice do I have?
When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cyber Security Engineer at a tech services company with 201-500 employees
Transforming security features with notable vulnerability reduction and comprehensive compliance
Pros and Cons
- "It offers built-in modules for file integrity and vulnerability management."
- "A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for custom integrations would be beneficial."
What is our primary use case?
It is used primarily for event management in our organization, which falls into the category of an edge Intrusion Detection System (IDS) or host Internet protection system. Our company is not very large, with around twenty to thirty servers and approximately one hundred fifty to two hundred endpoints. Wazuh serves as a centralized platform for collecting security events and managing vulnerabilities across your systems. Its main purpose is to analyze and improve the overall security posture of our organization.
How has it helped my organization?
Before the deployment of Wazuh, we faced challenges related to vulnerability management and version change history. Vulnerabilities often went unreported, and there was no organized system for managing vulnerabilities. Since we implemented it, there has been a notable improvement. Vulnerabilities have significantly decreased, with nearly fifty percent of servers now reporting zero vulnerabilities. This positive change is attributed to regular reporting, remediation efforts, and frequent system updates.
What is most valuable?
It offers built-in modules for file integrity and vulnerability management. This provides the convenience of having these features integrated into one platform rather than using separate dedicated tools. Wazuh's comprehensive compliance with various modules aligns well with our organization's needs, making it a highly suitable and efficient solution.
What needs improvement?
It is an open-source tool with a strong community. We had positive experiences with community support, having received solutions for most of your inquiries in the past. However, it would be beneficial if Wazuh could provide clearer guidance or tutorials on how to add components to the user interface (UI), especially when integrating tools that aren't inherently supported by Wazuh. A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for such custom integrations would be beneficial.
For how long have I used the solution?
I have been working with it for the last three years.
What do I think about the stability of the solution?
The stability capabilities are almost perfect. I would rate it nine out of ten.
What do I think about the scalability of the solution?
It offers excellent scalability features. I would rate it nine out of ten.
How are customer service and support?
Their customer support services are excellent. I would rate it nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We use other tools like SpamTitan and Fortis for specific purposes. SpamTitan is employed for email spam filtering and Fortis for client-related tasks. These tools complement our overall cybersecurity and client management efforts.
How was the initial setup?
While generally straightforward, there were some challenges during the initial setup process, particularly when dealing with certificate-related issues. I would rate it seven out of ten.
What about the implementation team?
The deployment took a total of five days, involving three individuals. Once deployed, the solution is efficiently maintained by just one person.
What's my experience with pricing, setup cost, and licensing?
Wazuh is an open-source tool, which means it is freely available for use.
What other advice do I have?
I recommend it for its flexibility and adaptability to specific organizational needs. I would rate it eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Linux System Administrator at a computer software company with 11-50 employees
Has good scalability but requires an efficient hardware monitoring tool
Pros and Cons
- "It has efficient SCA capabilities."
- "There could be a hardware monitoring tool for the solution."
What is our primary use case?
We use the solution for vulnerability metrics, auditing, and detecting SQL injection attacks.
What is most valuable?
The solution's most valuable feature is its SCA capabilities.
What needs improvement?
There could be a hardware monitoring tool for the solution. It helps reduce the cost of utilizing external resources for the same.
For how long have I used the solution?
We have been using the solution for five to six months.
What do I think about the scalability of the solution?
I rate the solution's scalability a ten out of ten. We have enterprise business clients.
How are customer service and support?
We are currently evaluating the cost of the solution's support services.
How was the initial setup?
We have multiple teams using the solution in the virtual environment. It was easy to deploy for a few teams while challenging for others.
What's my experience with pricing, setup cost, and licensing?
I rate the solution's pricing a seven out of ten.
What other advice do I have?
I rate the solution a seven out of ten. There needs to be monitoring for the hardware similar to Zabbix and Nagios solutions.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer.
Intern Master in Cybersecurity and Cybercrime at a university with 1,001-5,000 employees
Provides a range of features, but its configuration process needs to be faster
Pros and Cons
- "It is a stable solution."
- "Its configuration process is time-consuming."
What is our primary use case?
We use the solution for endpoint detection and response. It helps us detect malicious files.
What is most valuable?
The solution is easy to integrate with other SOC tools. Also, it has a lot of capabilities like active response, cloud security, etc.
What needs improvement?
The solution's configuration could be faster.
For how long have I used the solution?
We have been using the solution for two months.
What do I think about the stability of the solution?
The solution is easy to install. However, it takes a long time to configure.
What do I think about the scalability of the solution?
It is a stable solution.
What's my experience with pricing, setup cost, and licensing?
It is an open-source solution.
What other advice do I have?
I recommend the solution to others and rate it a seven. It has many features and integrates with other substitutes like QRadar, Hive, etc.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Manager (Information Security) at a tech services company with 1,001-5,000 employees
A free and open source security platform with a valuable inventory feature
Pros and Cons
- "I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
- "Integration with Vyara could be better."
What is our primary use case?
We use Wazuh for inventory, logging activity, malware detection, and detecting hidden processes running on the server.
What is most valuable?
I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful.
What needs improvement?
Integration with Vyara could be better.
For how long have I used the solution?
I have been using Wazuh for about three months.
What do I think about the stability of the solution?
Wazuh is a stable solution. We have not faced any issues yet.
How was the initial setup?
The initial setup is straightforward, but we faced some challenges integrating it with Vyara.
On a scale from one to ten, I would give the initial setup a nine.
What's my experience with pricing, setup cost, and licensing?
Wazuh is free and open source.
What other advice do I have?
On a scale from one to ten, I would give Wazuh an eight.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Managing Director at a comms service provider with 11-50 employees
Great reporting features that allow us to complete forensic tasks and track attacks
Pros and Cons
- "Wazuh has very flexible and robust features."
- "The computing resources are consuming and do not make sense."
What is our primary use case?
It is a basic level requirement for the compliance factor. There is regulatory compliance by the regulator called CDDISR, and we need to ensure that all the network's critical components send the logs. Wazuh allows us to complete forensic tasks to track any attacks.
What is most valuable?
The reporting and attractive dashboard are the most valuable features. We used Splunk, but it was a bit expensive. On the other hand, Wazuh has very flexible and robust features.
What needs improvement?
The computing resources are consuming and do not make sense. It should be lighter in terms of memory, CPU, and computing. There is a direct need for improvisation for any user, and it should be lighter than the current version. In the next release, they should include secure mobile app integration.
For how long have I used the solution?
We have been using this solution for almost three months. It is deployed on-premises by our vendor.
What do I think about the stability of the solution?
It is a stable solution, and the performance is good.
What do I think about the scalability of the solution?
It is scalable and does not require adding further devices. The number of devices that we already have are listed there. The basic use case is the compliance factor, and there's no additional need. However, if we start doing more extensive logging, we might need Splunk because Wazuh has some limitations in consuming heavier resources. Splunk is the best for large data computing and big data.
How are customer service and support?
The vendor provides support, but we haven't approached them for support yet.
How was the initial setup?
We hired a third-party company for the setup, and they took considerable time to complete it. They were not experts, and it took them about a week. It should have taken only about three days. I rate the setup an eight out of ten. After setup, it does not require any additional maintenance.
What's my experience with pricing, setup cost, and licensing?
We paid a lump sum as managed services, so the operator charges an amount for a year using a complete compliance system. The complete compliance system is just one component, so we are not being charged separately for the suite. This means we have the luxury of using it as a combo deal.
What other advice do I have?
I rate this solution an eight out of ten. Regarding advice, if anyone is going for Wazuh, they have to understand their buying compute if they're going on cloud. They should ideally evaluate the Apple-to-Apple comparison between the products in terms of how computing-intensive the product is. So if Wazuh is inefficient in computing, it should be option two. They should identify any other product which has efficient computing capabilities. There should also be a skilled resource available as an implementation partner.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Architect - Database Administration at a tech services company with 201-500 employees
A security platform that sits above the ELK stack, but threat intelligence could be better
Pros and Cons
- "I like that the solution is on top of the Kubernetes stack."
- "The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
What is our primary use case?
We use Wazuh as a SIEM tool for log aggregation and understanding different compliances. If there are vulnerabilities in the operating systems, that can be traced using Wazuh.
What is most valuable?
I like that the solution is on top of the Kubernetes stack.
What needs improvement?
The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way.
For how long have I used the solution?
We have been using Wazuh for six to eight months.
What do I think about the stability of the solution?
Wazuh is stable after some tweaks.
What do I think about the scalability of the solution?
Wazuh is scalable. One of our customers is using Wazuh and has about 98 endpoints. So, we could say 98 servers, and it's been integrated.
How was the initial setup?
The initial setup is straightforward. I don't see that much of a challenge, especially on the Wazuh cloud. Even Wazuh's on-prem solutions are pretty comprehensive.
It takes about three to four hours to set up Wazuh manager on-premise. After that, the client installations are very straightforward. For a client, it might take about five minutes.
What about the implementation team?
We implement this solution for our clients. Maintenance and management depend on how many clients, how many different instances, or how many different projects you are maintaining. One technical staff is more than enough if it's for a single setup because there's not much maintenance required. You can set up all the policies on Wazuh itself. Like all the lifecycle management solutions, all that is inbuilt.
What's my experience with pricing, setup cost, and licensing?
Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them.
What other advice do I have?
I would recommend this solution to potential users. It's a simple solution you can try for free, and you can get support. I would recommend Wazuh because people can test it, understand how it works, and then decide if they want to continue using it.
On a scale from one to ten, I would give Wazuh a six.
Disclosure: My company has a business relationship with this vendor other than being a customer. Integrator
IT Security Consultant at a reseller with 51-200 employees
Good integration with other platforms but not easily scalable and lacks threat intelligence
Pros and Cons
- "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
- "Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
What is most valuable?
It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.
What needs improvement?
Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh. It's hard to really go into what Wazuh should add. If we call for Wazuh to improve one thing, then many things have to be improved. So if Wazuh's primary purpose is to cover the logs, then we can't really keep asking them to cover endpoints as well. And Wazuh doesn't have threat intelligence, to my knowledge. It can integrate with other sources of threat intel, but I haven't seen a native threat intel platform. Many people subscribe to Splunk for this platform. You can integrate threat intelligence from other solutions, but I haven't seen this feature in Wazuh.
For how long have I used the solution?
I only started working with Wazuh recently.
What do I think about the stability of the solution?
It seems like they're constantly updating Wazuh, and it causes some instability. So you get a lot of updates after a short while, and there are so many things that Wazuh is trying to implement. When I see these rapid changes, it means the Wazuh team is trying to implement some of the things that are not yet implemented. So when you implement new features, you only have to understand that it's not covering many sources of events. That's where I would say stability becomes an issue.
What do I think about the scalability of the solution?
Wazuh is not easily scalable. You have to consider the sources of events and maybe the amount of traffic. I think it's still a solution that's not easily adaptable to a massive amount of information.
How are customer service and support?
Our current clients are happy with Wazuh support. One client upgraded from the basic open-source package to a support subscription, so I haven't heard any complaints from that person since.
How was the initial setup?
Wazuh is a straightforward platform to set up in a new environment. I wouldn't say it's complex. Another platform I used had a lot of licenses that were a pain to implement. Of course, after I implemented these licenses, it was very nice to work with. But Wazuh and Splunk are effortless to deploy.
What's my experience with pricing, setup cost, and licensing?
Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk.
What other advice do I have?
I would rate Wazuh a six out of 10. It's hard to compare Wazuh to commercial solutions like Splunk. It's fairer to evaluate the open-source tools together. So if I were to rate Wazuh alongside other open-source platforms, I would say it's the best in that category.
If customers are considering Wazuh, they should think about what kind of coverage they want. If they're focusing on the logs and threat monitoring, maybe Wazuh is okay by itself, but it's not something that provides traffic monitoring. Still, you can root out threats on your network using the logs. It's valuable information. So if you are looking to cover that scope, that's well and good. And if you're not familiar with this product, it's essential to have support. You can buy a subscription for support. So you need to know that Wazuh only covers logs and you need to consider if it suits your needs in terms of scalability. If you are comfortable with these few things, then Wazuh is okay. The solution is good. And if you need something for endpoint protection, Opex is another open-source tool used to monitor the endpoints for anything suspicious.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.