We use the solution for event monitoring.
An affordable and stable solution that can be used for event monitoring
Pros and Cons
- "The tool is stable."
- "The tool doesn't detect anomalies or new environments."
What is our primary use case?
What is most valuable?
The tool is stable.
What needs improvement?
The rules are hard coded. The tool doesn't detect anomalies or new environments. The product lacks AI features. We have to do a lot of manual searching.
For how long have I used the solution?
I have been using the solution for about eight months.
Buyer's Guide
Wazuh
December 2024
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,129 professionals have used our research since 2012.
What do I think about the scalability of the solution?
The tool is scalable for our use cases. Five to ten people use the solution in our organization. We need one administrator to monitor and improve our solution.
How are customer service and support?
We did not contact support. Our company’s security personnel set everything and documented it.
Which solution did I use previously and why did I switch?
We use Elastic Stack for logs.
How was the initial setup?
The deployment was straightforward. It took two to three months. We needed two people for deployment.
What about the implementation team?
We did the deployment in-house with the help of our security personnel and someone from the DevOps team.
What's my experience with pricing, setup cost, and licensing?
The product is cheaper compared to other tools. Depending on the logs, the product costs $200 to $400. We currently have five servers.
Which other solutions did I evaluate?
We evaluated Google Cloud.
What other advice do I have?
When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Lead at a tech services company with 51-200 employees
Great modules and metrics, good for small budgets, with excellent integration
Pros and Cons
- "The most valuable features are the modules and metrics."
- "It would be great if there could be customization for the decoder portion."
What is our primary use case?
Our primary use case is for monitoring the cloud as well as infrastructure.
What is most valuable?
The most valuable features are the modules and metrics. The asset inventory and everything from the agent and the capabilities to integrate the Windows Defender directly into the SIEM solution.
What needs improvement?
When the agents are not upgraded in comparison to the server they start behaving unknowingly. Some modules will be working, some modules will not be working. It would be great if there could be customization for the decoder portion.
For how long have I used the solution?
I have been using Wazuh for the past year and a half.
What do I think about the stability of the solution?
The stability is excellent and I would rate it a ten out of ten.
What do I think about the scalability of the solution?
the scalability is high and I would rate it an eight on a scale of one to ten.
How was the initial setup?
The initial setup was straightforward and easy to deploy.
What about the implementation team?
The time for deployment on the hardware takes only a few days.
What's my experience with pricing, setup cost, and licensing?
The current pricing is open source.
What other advice do I have?
I would highly recommend it, considering the current threats and cyber war also going on. if companies do not have a large budget to have a proper cybersecurity solution, they might consider Wazuh, another open source so that they can actually secure what is going on in the infrastructure. I would rate Wazuh a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Wazuh
December 2024
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,129 professionals have used our research since 2012.
IT Security Consultant at Microlan Kenya Limited
Good integration with other platforms but not easily scalable and lacks threat intelligence
Pros and Cons
- "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
- "Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."
What is most valuable?
It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.
What needs improvement?
Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh. It's hard to really go into what Wazuh should add. If we call for Wazuh to improve one thing, then many things have to be improved. So if Wazuh's primary purpose is to cover the logs, then we can't really keep asking them to cover endpoints as well. And Wazuh doesn't have threat intelligence, to my knowledge. It can integrate with other sources of threat intel, but I haven't seen a native threat intel platform. Many people subscribe to Splunk for this platform. You can integrate threat intelligence from other solutions, but I haven't seen this feature in Wazuh.
For how long have I used the solution?
I only started working with Wazuh recently.
What do I think about the stability of the solution?
It seems like they're constantly updating Wazuh, and it causes some instability. So you get a lot of updates after a short while, and there are so many things that Wazuh is trying to implement. When I see these rapid changes, it means the Wazuh team is trying to implement some of the things that are not yet implemented. So when you implement new features, you only have to understand that it's not covering many sources of events. That's where I would say stability becomes an issue.
What do I think about the scalability of the solution?
Wazuh is not easily scalable. You have to consider the sources of events and maybe the amount of traffic. I think it's still a solution that's not easily adaptable to a massive amount of information.
How are customer service and support?
Our current clients are happy with Wazuh support. One client upgraded from the basic open-source package to a support subscription, so I haven't heard any complaints from that person since.
How was the initial setup?
Wazuh is a straightforward platform to set it up in a new environment. I wouldn't say it's complex. Another platform I used had a lot of licenses that were a pain to implement. Of course, after I implemented these licenses, it was very nice to work with. But Wazuh and Splunk are effortless to deploy.
What's my experience with pricing, setup cost, and licensing?
Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk.
What other advice do I have?
I would rate Wazuh a six out of 10. It's hard to compare Wazuh to commercial solutions like Splunk. It's fairer to evaluate the open-source tools together. So if I were to rate Wazuh alongside other open-source platforms, I would say it's the best in that category.
If customers are considering Wazuh, they should think about what kind of coverage they want. If they're focusing on the logs and threat monitoring, maybe Wazuh is okay by itself, but it's not something that provides traffic monitoring. Still, you can root out threats on your network using the logs. It's valuable information. So if you are looking to cover that scope, that's well and good. And if you're not familiar with this product, it's essential to have support. You can buy a subscription for support. So you need to know that Wazuh only covers logs and you need to consider if it suits your needs in terms of scalability. If you are comfortable with these few things, then Wazuh is okay. The solution is good. And if you need something for endpoint protection, Opex is another open-source tool used to monitor the endpoints for anything suspicious
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager (Information Security) at Girnarsoft Private Limited
A free and open source security platform with a valuable inventory feature
Pros and Cons
- "I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful."
- "Integration with Vyara could be better."
What is our primary use case?
We use Wazuh for inventory, logging activity, malware detection, and detecting hidden processes running on the server.
What is most valuable?
I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful.
What needs improvement?
Integration with Vyara could be better.
For how long have I used the solution?
I have been using Wazuh for about three months.
What do I think about the stability of the solution?
Wazuh is a stable solution. We have not faced any issues yet.
How was the initial setup?
The initial setup is straightforward, but we faced some challenges integrating it with Vyara.
On a scale from one to ten, I would give the initial setup a nine.
What's my experience with pricing, setup cost, and licensing?
Wazuh is free and open source.
What other advice do I have?
On a scale from one to ten, I would give Wazuh an eight.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a tech services company with 501-1,000 employees
Has efficient integration features, but they could provide enhanced customization capabilities
Pros and Cons
- "One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability."
- "They could include flexibility and customization capabilities by modifying for customers based on partner agreements."
What is our primary use case?
We use Wazuh to deliver security features in a venture capital company project focused on building a mobile application.
What needs improvement?
They could include flexibility and customization capabilities by modifying for customers based on partner agreements. They could enhance governance-related tools for audit reports.
We conducted a cost-benefit evaluation and compared Wazuh with Sentinel and FortiCM. The decision to choose Wazuh was influenced by its compatibility with other systems and the strong open-source community.
In comparison, Microsoft has a huge community, but it needs to be easy to use. Additionally, FortiCM needs better community support.
For how long have I used the solution?
We are the latest version of Wazuh.
What do I think about the stability of the solution?
We have not encountered any performance issues for the application up until now. I rate the stability an eight out of ten.
What do I think about the scalability of the solution?
The product is easily scalable. We have around 20 executives using it daily. Our work on the use cases is still in progress.
How are customer service and support?
We contact a third-party supplier for technical support. They provide seamless services and resolve issues by the next day most of the time.
Which solution did I use previously and why did I switch?
I was a part of a service team using Splunk. I have experience working with Symantec Endpoint.
How was the initial setup?
I rate the initial setup process a seven out of ten.
What about the implementation team?
The implementation of Wazuh is done through a local third-party supplier, but the management and overall engagement with the company are handled in-house. The third-party supplier provides hardware provision, field engineers, and devices, with the day-to-day management and operations handled remotely.
There were some slight problems related to the images being used. However, these issues were attributed to infrastructure considerations rather than specific to Wazuh. Once the correct image was selected, the installation process for the first server during the proof of concept, which involved comparing Sentinel and other solutions, was completed relatively quickly—approximately one day.
It might require a team for regular patch management and vulnerability scanning. We have yet to start with the maintenance.
What's my experience with pricing, setup cost, and licensing?
For both personal and service use, the perceived cost is relatively low. They have a good pricing strategy for market expansion.
I rate the product's pricing a three out of ten.
Which other solutions did I evaluate?
We evaluated Sentinel.
What other advice do I have?
We are currently running a proof of concept and simulating usage with a select group of users as required by local bank licensing. It is utilized for vulnerability management. Up to this point, there have been minor incidents with no risks higher than moderate. Despite not needing immediate reaction, we have automation in place within your SOC and development team to respond in case of any recognized incidents.
One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability. Although it has yet to be fully implemented into production and is currently in a test environment, the decision to choose Wazuh was influenced significantly by this feature. It helps us streamline and automate the assessment of security incidents. We can organize response plans proactively, even before certain incidents occur. It is the most critical aspect for us.
There were initial challenges with the real-time alerting team due to the many systems-generated alerts. It took about three months to fine-tune the system configuration, focusing on capturing only the alarms relevant from a security perspective. Despite the initial difficulties, Wazuh worked seamlessly, and there were no notable issues with configurations, handling, or investigations. The challenges primarily occurred from system-related aspects rather than issues with Wazuh.
I do not have direct experience with scalability requirements, but the implementation has been seamless. No challenges are scaling up, especially regarding adding more machines to handle the same load. The challenge is delivering logs so that Wazuh can collect, read, and analyze them effectively. We were able to overcome major issues without the need for extensive support.
Wazuh has been integrated with an intrusion prevention system (IPS) solution, Suricata, also an open-source tool. This integration adds a layer for security monitoring. The integration process is quite straightforward, especially due to the community's availability of shared use cases.
I rate the product a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity supervisior at Optical Network
Open-source solution that immediately resolves vulnerabilities
Pros and Cons
- "Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source."
- "Wazuh needs more security and features, particularly visualization features and a health monitor."
What is our primary use case?
My main use case for Wazuh is checking security events.
What is most valuable?
Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source.
What needs improvement?
Wazuh needs more security features, particularly visualization features and a health monitor. In the next release, it should be easier to see the origin of events when connected to a firewall or switch. I would also like more integration with XDR and cloud-based formats like the GCO log testing system or Huawei.
For how long have I used the solution?
I've just started using Wazuh.
What do I think about the stability of the solution?
Wazuh is stable.
What do I think about the scalability of the solution?
I believe Wazuh is scalable.
Which solution did I use previously and why did I switch?
I previously used Splunk and changed to Wazuh because of its lower cost.
How was the initial setup?
The initial setup is easy.
What other advice do I have?
Wazuh is a good solution if you want to visualize your environment. I would rate Wazuh eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Architect - Database Administration at Mitra Innovation
A security platform that sits above the ELK stack, but threat intelligence could be better
Pros and Cons
- "I like that the solution is on top of the Kubernetes stack."
- "The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way."
What is our primary use case?
We use Wazuh as a SIEM tool for log aggregation and understanding different compliances. If there are vulnerabilities in the operating systems, that can be traced using Wazuh.
What is most valuable?
I like that the solution is on top of the Kubernetes stack.
What needs improvement?
The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way.
For how long have I used the solution?
We have been using Wazuh for six to eight months.
What do I think about the stability of the solution?
Wazuh is stable after some tweaks.
What do I think about the scalability of the solution?
Wazuh is scalable. One of our customers is using Wazuh and has about 98 endpoints. So, we could say 98 servers, and it's been integrated.
How was the initial setup?
The initial setup is straightforward. I don't see that much of a challenge, especially on the Wazuh cloud. Even Wazuh's on-prem solutions are pretty comprehensive.
It takes about three to four hours to set up Wazuh manager on-premise. After that, the client installations are very straightforward. For a client, it might take about five minutes.
What about the implementation team?
We implement this solution for our clients. Maintenance and management depend on how many clients, how many different instances, or how many different projects you are maintaining. One technical staff is more than enough if it's for a single setup because there's not much maintenance required. You can set up all the policies on Wazuh itself. Like all the lifecycle management solutions, all that is inbuilt.
What's my experience with pricing, setup cost, and licensing?
Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them.
What other advice do I have?
I would recommend this solution to potential users. It's a simple solution you can try for free, and you can get support. I would recommend Wazuh because people can test it, understand how it works, and then decide if they want to continue using it.
On a scale from one to ten, I would give Wazuh a six.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Lead Security Engineer at a tech services company with 201-500 employees
Requires extensive configuration to suit your needs, though I appreciate its open-source aspect
Pros and Cons
- "I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch."
- "Wazuh is missing many things that a typical SIEM should have."
What is our primary use case?
We use Wazuh as a SIEM instead of Logstash, so it's like a managed version of ELK. We customized queries and search detection according to that. The good thing is that it also provides a module called Monitor, and using that, we set up alerts to Slack or email. Then, based on Slack, we implemented an automation to prevent things as per our demands.
What is most valuable?
I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch. Another good thing about Wazuh is that it's open-source.
What needs improvement?
A lot of things could be improved with Wazuh. A company I worked with used this product with their customizations since Wazuh is missing many things that a typical SIEM should have. One thing that was missing was log source management. We didn't have any modules for that. Wazuh's parsing is very complex. You must write decoders to make it as easy as in other SIEMs, like in QRadar.
The stability and scalability could be improved.
For how long have I used the solution?
I've been working on Wazuh for about eight months.
What do I think about the stability of the solution?
I am 60% confident in Wazuh's stability. I have one client, and I have been facing stability issues. I have to troubleshoot the solution every second or third month.
What do I think about the scalability of the solution?
I am 60% confident in Wazuh's scalability.
How was the initial setup?
The initial setup is very easy. It is exactly like ELK. You deploy Elasticsearch, Wazuh, and Kibana. It took one day to deploy the solution.
For deployment, you need to plan how many resources you need. For example, if it's a Linux machine, you just download the required binaries from their site. After that, unzip the folder downloaded from their site, and then you just want a couple of scripts, and it will install Elasticsearch. You would do the same for Logstash, Wazuh, or Kibana. You must configure the solution a little to ensure that Logstash or Elasticsearch recognizes Kibana, so you have to provide the IPs and all that. Then, the solution is all set up.
What's my experience with pricing, setup cost, and licensing?
My client uses the open-source version of Wazuh.
What other advice do I have?
Wazuh is a cloud-based SIEM solution that can be deployed on-prem. Wazuh has the same capabilities as ELK: Elastic, Logstash, and Kibana. You can integrate devices with Wazuh and deploy use cases according to your demands. For example, in the financial sector, you will have your detections according to finance. In the education sector, you will have different use cases. It all depends on the client.
The solution is open-source, and I can't access technical support. I have been searching for someone to assist me, but my team and I have always been figuring out how to work with the solution.
I rate Wazuh a five-point five out of ten.
I wouldn't tell anyone not to use Wazuh. They can still choose if it fits in their budget, but I would ask them to plan first. And instead of going all in one, I recommend they use separate instances for separate modules to ensure the solution is scalable and stable. They should not use one instance for all of their modules. When their log or your business size grows, they will have more logs and then have to deal with stability issues.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Wazuh Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Log Management Security Information and Event Management (SIEM) Extended Detection and Response (XDR)Popular Comparisons
Splunk Enterprise Security
Dynatrace
Datadog
IBM Security QRadar
Elastic Security
Elastic Observability
Graylog
Sumo Logic Security
LogRhythm SIEM
Grafana Loki
Security Onion
Fortinet FortiAnalyzer
syslog-ng
Amazon CloudWatch
Google Cloud's operations suite (formerly Stackdriver)
Buyer's Guide
Download our free Wazuh Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the difference between SIEM and Next-Gen SIEM solutions?
- When evaluating Log Management tools and software, what aspect do you think is the most important to look for?
- Datadog vs ELK: which one is good in terms of performance, cost and efficiency?
- Which Windows event log monitoring tool do you recommend?
- What is the difference between log management and SIEM?
- Splunk vs. Elastic Stack
- How can Cloudtrail logs be used effectively to improve log monitoring?
- Why hot data and cold data differences in SIEM solutions are not discussed sufficiently?
- When evaluating Log Management solutions, what aspect do you think is the most important to look for?
- When evaluating Log Management solutions, what aspects do you think are the most important to look for?