I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and evaluate Wazuh as part of my learning and work experience.
We use Wazuh for our Security Information and Event Management (SIEM) needs. It serves as a log aggregator and provides us the capability to monitor our servers for brute force attacks and other security threats. We use Wazuh's vulnerability management dashboard to scan our servers for vulnerabilities and ensure compliance with standards such as HIPAA and PCI DSS.
My company specializes in providing SIEM as a service. We leverage Wazuh for that. Since Wazuh is open-source, I hosted it on Azure. We provide Wazuh as a service to our customers. Currently, we have three clients whose environments are integrated with our Wazuh server on our CRM system. We handle the typical CRM use cases, including security alerts and advisories, and monitor their environments through our Wazuh server.
I use the solution in my company as an open-source tool and in our organization as a SIEM and XDR. We mainly use it as a SIEM tool. Moreover, we can use it with Palo Alto Networks XDR for vulnerability scanning because it provides us with vulnerability detection modules. We also use SDS and IDS frameworks as my company is a fintech. We use the PCI DSS and NIST 800-53 frameworks, which are provided by Wazuh.
Cyber Digital Transformation Engineer at OneWorldInfoTech
Jan 31, 2024
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.
Senior Systems Engineer at an insurance company with 201-500 employees
Oct 20, 2023
Wazuh is very good. It offers the ability to measure and benchmark your environment to one of the standards. We installed it on the customer's premises and benchmarked it against CIS controls. We are not in a big environment, and we haven't tested Wazuh for long.
We use Wazuh as a SIEM instead of Logstash, so it's like a managed version of ELK. We customized queries and search detection according to that. The good thing is that it also provides a module called Monitor, and using that, we set up alerts to Slack or email. Then, based on Slack, we implemented an automation to prevent things as per our demands.
We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company. So it can detect more than just games. You can customize it to detect specific software. We have a whitelist of approved software, and Wazuh compares it with the software installed on the device. If there are any mismatches, it reports it to us. So, for instance, we can whitelist Facebook, Blackboard, and YouTube.
Software Engineer at a computer software company with 1,001-5,000 employees
Jun 15, 2023
We are using Wazuh for security information and event management, PCI DSS compliance, auditing, real-time sensitive monitoring, and meeting regulatory requirements.
Our main use case for Wazuh is in the healthcare industry, where we deploy it to help companies monitor their products during deployment. However, we also utilize Wazuh for IoT and OT, as well as for endpoint detection and response.
We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We tried to explore a lot of tools and considering our budget and use cases, this tool matched our requirements. We have five to seven users and we will be adding more users.
It is a basic level requirement for the compliance factor. There is regulatory compliance by the regulator called CDDISR, and we need to ensure that all the network's critical components send the logs. Wazuh allows us to complete forensic tasks to track any attacks.
Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution.
Manager Cloud Security Operations at TraceLink, Inc.
Aug 1, 2022
Our company only has a small five-person team working with Wazuh. We wanted a log management solution that we could deploy onto our cloud, so we deployed Wazuh on Kubernetes and integrated different log sources into a centralized logging solution. The second use case is log searching. We wanted a usable integrated search, and Wazuh has a good, usable integrated search. Wazuh has support for Elasticsearch, which provides searching capabilities. Cost-effectiveness was important for us, and Wazuh is a top open source solution.
I use Wazuh as an open-source solution for SIEM and file integrity monitoring. I have conducted a few POCs in the banking sector, as well as demos specifically regarding SIEM. In Pakistan, we have a state bank that controls the regulations. The banking sector wants to save money and is only interested in compliance. Our company helps them with this. Wazuh is used for file integrity monitoring on Unix, Linux, and Windows systems. Wazuh is available on the cloud; however, it depends on the customer. I work with the financial sector, which does not want its data to be on a public or private cloud.
Wazuh is an enterprise-ready platform used for security monitoring. It is a free and open-source platform that is used for threat detection, incident response and compliance, and integrity monitoring. Wazuh is capable of protecting workloads across virtualized, on-premises, containerized, and cloud-based environments.
It consists of an endpoint security agent and a management server. Additionally, Wazuh is fully integrated with the Elastic Stack, allowing users the ability to navigate...
We use Wazuh to deliver security features in a venture capital company project focused on building a mobile application.
We use Wazuh for internal testing, instant response, security operations, and compliance.
My company uses Wazuh in our lab environment, where we have 100 endpoints.
We use the solution for event monitoring.
The primary use case for Wazuh is the detection of malware.
We use the solution for endpoint detection and response. It helps us detect malicious files.
The solution can be used for monitoring changes on the endpoint of machines. It focuses mostly on endpoints and the dangers that may come through.
I use this product as an integrity marketing solution in the financial sector. We are users of Wazuh and I'm head of information security.
Our primary use case is for monitoring the cloud as well as infrastructure.
My main use case for Wazuh is checking security events.
We integrated all of our services and infrastructure in the cloud with Wazuh.
The use-case is to obtain security events centrally across multiple servers deployed in the enterprise.
- to understand if any OS-level vulnerabilities are identified and notify relevant teams.
- to identify and obtain reports on PCI DSS posture across multiple servers.
Wazuh is used for event information and management. We have several events that are of interest, and Wazuh lets our folks know if any of them trigger.
We are using Wazuh for our SOC environment. We are managing and monitoring our infrastructure using the Wazuh SIEM.
We collect logs in it, and then we correlate logs against the MITRE ATT&CK framework. We have configured some notifications.