When Wazuh is properly implemented, it runs smoothly without causing many problems. However, if it's not set up correctly, you might encounter issues that require weekly maintenance. These can include database and disk issues because, as a VM solution, Wazuh collects a large amount of logging data. Proper implementation prevents these problems, but they can arise if you're unsure how to do it. Overall, I rate the solution an eight out of ten.
The vulnerability detection module and the MITRE framework are helpful because we are using the tool in our own data centers. The vulnerability detection module prevents us from being exploited by different vulnerabilities and different packages existing in our environment. Wazuh's compliance management feature supports your regulatory requirements since it provides PCI DSS and NIST 800-53 framework. In general, the tool provides us with the baseline that is required. I need two people to maintain it constantly and to monitor Wazuh so that we can resolve different types of space alerts and manage different file systems attached to it. The tool is good, but you should be prepared to put in some manual effort to use it and also have some good technical support to perform the manual functions and operations you need in Wazuh. I rate the tool an eight out of ten.
Security Analyst at a tech services company with 501-1,000 employees
Real User
Top 20
2024-02-09T12:08:03Z
Feb 9, 2024
We are currently running a proof of concept and simulating usage with a select group of users as required by local bank licensing. It is utilized for vulnerability management. Up to this point, there have been minor incidents with no risks higher than moderate. Despite not needing immediate reaction, we have automation in place within your SOC and development team to respond in case of any recognized incidents. One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability. Although it has yet to be fully implemented into production and is currently in a test environment, the decision to choose Wazuh was influenced significantly by this feature. It helps us streamline and automate the assessment of security incidents. We can organize response plans proactively, even before certain incidents occur. It is the most critical aspect for us. There were initial challenges with the real-time alerting team due to the many systems-generated alerts. It took about three months to fine-tune the system configuration, focusing on capturing only the alarms relevant from a security perspective. Despite the initial difficulties, Wazuh worked seamlessly, and there were no notable issues with configurations, handling, or investigations. The challenges primarily occurred from system-related aspects rather than issues with Wazuh. I do not have direct experience with scalability requirements, but the implementation has been seamless. There are no challenges in scaling up, especially regarding adding more machines to handle the same load. The challenge is delivering logs so that Wazuh can collect, read, and analyze them effectively. We were able to overcome major issues without the need for extensive support. Wazuh has been integrated with an intrusion prevention system (IPS) solution, Suricata, also an open-source tool. This integration adds a layer for security monitoring.
The integration process is quite straightforward, especially due to the community's availability of shared use cases. I rate the product a seven out of ten.
Security engineer at a tech services company with 51-200 employees
Real User
Top 5
2024-02-08T09:46:18Z
Feb 8, 2024
If correctly configured, Wazuh can support threat detection and response for SMBs. Wazuh is a good solution if you can implement, integrate, and fine-tune it in the right way. Overall, I rate Wazuh an eight out of ten.
Cybersecurity specialist at a manufacturing company with 51-200 employees
Real User
Top 10
2024-02-07T09:21:42Z
Feb 7, 2024
The product has been implemented in my company's environment for threat detection straight out of the box through a simple implementation process. My company uses the product for threat detection and to create and tune playbooks with roles. My company uses the product in our lab environment, so it's not used for production, which makes it easier for us to deal with the tuning part of the product. The product helps our company's ability to comply with industry standards since we use the CIS benchmark for hardening GDPR compliance. My company uses the product for event analysis. My company uses Wazuh as a SIEM solution. My company uses the product for many of our use cases, and we also deal with the configuration part of the tool. My company is trying to tune the product, and it is possible to use it for event analysis with Wazuh. The product is effective in terms of event analysis. The integration capabilities of the product with other tools, like FortiGate and NetFlow, are good. More time is required for me to be able to see how the product's scalability can impact our company's environment. The product is easy to customize. The product provides good setup documentation regarding the language to be used to use the product's customization abilities. The product offers a good level of documentation along with a good online community. On the internet, it is easier to get information about any problem or issue users face with the tool. I recommend the product be used in a team with fewer members for security operations. The tool can be used if you work in areas like security and administration, where it can be easily used and implemented. I rate the tool an eight out of ten.
Cyber Digital Transformation Engineer at OneWorldInfoTech
Real User
Top 10
2024-01-31T07:52:00Z
Jan 31, 2024
Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location. The solution’s maintenance is easy. Overall, I rate the solution an eight out of ten.
Senior Systems Engineer at an insurance company with 201-500 employees
Real User
Top 10
2023-10-20T04:55:32Z
Oct 20, 2023
We're still in a test phase with Wazuh. I'm testing integration with the other tools that we are using in a clustered environment. We can adapt the solution on the way forward. I rate Wazuh a seven out of ten.
Informatics Engineering Lecturer at Innovation Center STMIK AMIKOM
Real User
Top 20
2023-09-08T14:27:02Z
Sep 8, 2023
I would recommend this product to other users in the field of cybersecurity. It provides enhanced network security and many useful features. It is easy to use, with a pricing structure that is more affordable compared to other options. I would rate it eight out of ten.
Wazuh is a cloud-based SIEM solution that can be deployed on-prem. Wazuh has the same capabilities as ELK: Elastic, Logstash, and Kibana. You can integrate devices with Wazuh and deploy use cases according to your demands. For example, in the financial sector, you will have your detections according to finance. In the education sector, you will have different use cases. It all depends on the client. The solution is open-source, and I can't access technical support. I have been searching for someone to assist me, but my team and I have always been figuring out how to work with the solution. I rate Wazuh a five-point five out of ten. I wouldn't tell anyone not to use Wazuh. They can still choose if it fits in their budget, but I would ask them to plan first. And instead of going all in one, I recommend they use separate instances for separate modules to ensure the solution is scalable and stable. They should not use one instance for all of their modules. When their log or your business size grows, they will have more logs and then have to deal with stability issues.
I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. Overall, I rate the product an eight out of ten.
If you have the budget, I would suggest looking into other options. However, if you want to secure your endpoints without significant investment, Wazuh is a good tool. Just keep in mind that it may not scale well beyond a few thousand devices. I would rate the open-source version as five out of ten.
Software Engineer at a computer software company with 1,001-5,000 employees
Real User
Top 10
2023-06-15T10:25:07Z
Jun 15, 2023
I would advise you to carefully follow the documentation. It is straightforward and to the point. If any issues arise, the Wazuh Slack community is highly active and responsive. They can provide assistance within 24 hours or even less, helping with any deployment or management challenges. Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors. Unlike some paid tools, Wazuh is extensive and extendible and allows integration with open-source tools and scripts. It is flexible, reliable, and open-source, which is its biggest advantage. Overall, it is a good solution. I would rate the solution a nine out of ten. Considering that Wazuh is open source and free of cost while providing all the necessary features, I would rate it nine or ten. I lean towards ten because it offers a comprehensive solution without any financial burden. However, compared to industry leaders like LogRhythm and Splunk, which have machine learning modules, Wazuh lacks in that aspect. So, overall, I would rate it nine, but because of its cost-effectiveness, it deserves a ten.
Based on the current market trend, I would highly recommend Wazuh to other users. It is an open-source tool that is highly scalable and provides custom alerting features that are not available from most other vendors. While ELK stack is the only other comparable open-source option, Wazuh's advanced capabilities make it a strong contender. In general terms, if you're looking for a scalable and efficient SIEM solution that provides accurate alerting without too much noise, I would confidently recommend Wazuh to nine out of ten users.
Head Information Security at Akhtar Fuiou Technologies
Real User
Top 5
2023-02-28T09:06:08Z
Feb 28, 2023
I like this product and the fact that we're getting everything for free. However, it's a complex solution to deploy and manage and that's a pain point for us so I deduct two points and rate it eight out of 10.
Project Lead at a tech services company with 51-200 employees
Real User
Top 10
2023-01-12T13:30:00Z
Jan 12, 2023
I would highly recommend it, considering the current threats and cyber war also going on. If companies do not have a large budget to have a proper cybersecurity solution, they might consider Wazuh, another open source so that they can actually secure what is going on in the infrastructure. I would rate Wazuh a nine out of ten.
I would definitely recommend Wazuh to those who want a SIEM tool as a central logging system and for log management. You can complete the necessary security audits using this tool and have your security alerts configured if your system is receiving unknown attacks. Overall, this is a fantastic tool but you will need an expert to assist with configuration. Scaling this solution is also challenging. We have not tested migrating from one server to another. I would rate this solution a six out of ten.
I rate this solution an eight out of ten. Regarding advice, if anyone is going for Wazuh, they have to understand they're buying compute if they're going on cloud. They should ideally evaluate the apples-to-apples comparison between the products in terms of how computing-intensive the product is. So if Wazuh is inefficient in computing, it should be option two. They should identify any other product which has efficient computing capabilities. There should also be a skilled resource available as an implementation partner.
I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration could be easier.
Manager Cloud Security Operations at TraceLink, Inc.
Consultant
2022-08-01T13:01:54Z
Aug 1, 2022
I rate Wazuh nine out of 10. It's a powerful tool, and you can do lots of things with it. Wazuh is a good choice if you're on a tight budget, but you need to have an enterprise-level SIEM deployment. If someone doesn't know how to manage large-scale log management solutions, you should start small and grow your experience. You can start with Wazuh and switch to an enterprise solution once you start scaling up.
GISO - Global Information Security Officer at Beyon Connect
Real User
2022-07-10T15:39:18Z
Jul 10, 2022
I would tell potential users to review the technical implementation documentation before setting up Wazuh. This is because setting up Wazuh is a little bit tricky for a newbie because they won't be able to understand the technicalities of the solution. Just go through the technical documentation and implementation documentation once before installing Wazuh. On a scale from one to ten, I would give Wazuh a seven.
My advice to someone considering Wazuh would depend on if they are using the open-source solution or not. If they are using open-source, I recommend that they purchase the support from Wazuh. Be prepared to be patient and wait for the services to be completely up. Once it is up, you are free to use it. I would rate this solution an eight out of ten.
Tech Lead Security at a comms service provider with 51-200 employees
Real User
2022-03-16T20:33:57Z
Mar 16, 2022
My advice to others is Wazuh is a good starter solution but there are other more advanced solutions on the market, such as Splunk which is an industry-level solution. I rate Wazuh a five out of ten.
I would rate Wazuh a six out of 10. It's hard to compare Wazuh to commercial solutions like Splunk. It's fairer to evaluate the open-source tools together. So if I were to rate Wazuh alongside other open-source platforms, I would say it's the best in that category. If customers are considering Wazuh, they should think about what kind of coverage they want. If they're focusing on the logs and threat monitoring, maybe Wazuh is okay by itself, but it's not something that provides traffic monitoring. Still, you can root out threats on your network using the logs. It's valuable information. So if you are looking to cover that scope, that's well and good. And if you're not familiar with this product, it's essential to have support. You can buy a subscription for support. So you need to know that Wazuh only covers logs and you need to consider if it suits your needs in terms of scalability. If you are comfortable with these few things, then Wazuh is okay. The solution is good. And if you need something for endpoint protection, Opex is another open-source tool used to monitor the endpoints for anything suspicious.
Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.
It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate...
When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.
I recommend the solution to others and rate it a seven. It has many features and integrates with other substitutes like QRadar, Hive, etc.
It's a good solution for SMEs. It may not be ideal for enterprise-level companies. I'd rate the solution eight out of ten.
Wazuh is a good solution if you want to visualize your environment. I would rate Wazuh eight out of ten.
I rate Wazuh four out of 10. It can do the job, but you need to invest a lot of time configuring it for your use case.
No hardware is required for this solution but be prepared to purchase implementation support. I would rate this solution a six or seven out of ten.
For our usage, I would rate Wazuh a six out of ten.