| Product | Mindshare (%) |
|---|---|
| Wazuh | 4.4% |
| Splunk Enterprise Security | 7.3% |
| IBM Security QRadar | 5.3% |
| Other | 83.0% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Security Information and Event Management (SIEM) | Jun 23, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jun 23, 2026 | Download |
| Comparison | Wazuh vs Splunk Enterprise Security | Jun 23, 2026 | Download |
| Comparison | Wazuh vs IBM Security QRadar | Jun 23, 2026 | Download |
| Comparison | Wazuh vs Microsoft Sentinel | Jun 23, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 2.8% | 97% | 140 interviewsAdd to research |
| Cortex XDR by Palo Alto Networks | 4.2 | N/A | 96% | 112 interviewsAdd to research |
Wazuh's most valued attributes include MITRE ATT&CK correlation, seamless integration with environments, effective SIEM features, ELK for investigations, PCI DSS compliance, cloud-native infrastructure, monitoring, vulnerability assessment, active response, and scalability. Users appreciate open-source accessibility, ease of deployment, comprehensive compliance capabilities, customizable dashboards, and robust documentation. Wazuh excels in threat hunting, CVE management, intrusion detection, and enhancing endpoint security. Community support and cost-effectiveness enhance its appeal for many organizations.
| Company Size | Count |
|---|---|
| Small Business | 23 |
| Midsize Enterprise | 12 |
| Large Enterprise | 8 |
| Company Size | Count |
|---|---|
| Small Business | 1496 |
| Midsize Enterprise | 795 |
| Large Enterprise | 1727 |
Wazuh offers an open-source platform designed for seamless integration into diverse environments, making it ideal for enhancing security infrastructure. Its features include log monitoring, compliance support, and real-time threat detection, providing effective cybersecurity management.
Wazuh stands out for its ability to integrate easily with Kubernetes, cloud-native infrastructures, and various SIEM platforms like ELK. It features robust MITRE ATT&CK correlation, comprehensive log monitoring capabilities, and detailed reporting dashboards. Users benefit from its file integrity monitoring and endpoint detection and response (EDR) capabilities, which streamline compliance and vulnerability assessments. While appreciated for its customization and easy deployment, room for improvement exists in scalability, particularly in the free version, and in areas such as threat intelligence integration, cloud integration, and container security. The platform is acknowledged for its strong documentation and technical support.
What are the key features of Wazuh?In industries like finance, healthcare, and technology, Wazuh is utilized for its capabilities in log aggregation, threat detection, and vulnerability management. Companies often implement its features to ensure compliance with stringent regulations and to enhance security practices across cloud environments. By leveraging its integration capabilities, organizations can achieve unified security management, ensuring comprehensive protection of their digital assets.
Wazuh was previously known as Wazuh All-In-One Deployment.
| Author info | Rating | Review Summary |
|---|---|---|
| Engineer Information Security at N-Able (Pvt) Ltd | 4.5 | I prefer Wazuh over Forti due to its better pricing, flexibility, documentation, and dashboard performance, though it lacks AI and user behavior features. Both are stable, but Wazuh's simplicity and community support stand out for me. |
| Tech Lead at a tech vendor with 51-200 employees | 3.5 | I've used Wazuh for two years in compromise assessments due to its strong EDR agent capabilities, though I don't recommend it for long-term SOC use because of stability and log retention issues despite easy setup and good visibility. |
| Cyber Security Software Engineer at a tech services company with 11-50 employees | 4.0 | I use Wazuh as a versatile open-source SIEM platform, benefiting from its customizability and cost-saving advantages. Though documentation is comprehensive, improvements are needed in uniformity and developer-friendliness. The platform effectively integrates third-party services and ranks highly for its capabilities. |
| Security Consultant at ebenezer.okoh@agorasecurity.it | 4.5 | I use Wazuh for daily security operations focused on threat hunting and intrusion detection. The system integrates well with our firewalls. I see room for improvement with AI integration, but overall, it provides cost-effective security solutions. |
| Student at Dakota State University | 3.0 | I am evaluating Wazuh for file monitoring and compliance reporting. Its valuable features include cost-effective alerts and compliance tools, although improvements are needed with rule tags. Wazuh offers potential ROI compared to previous market solutions, especially for small to medium businesses. |
| Software Engineer at i2c Inc. | 4.0 | I use Wazuh in my company mainly as a SIEM and XDR tool. Its most valuable features include SIEM modules, vulnerability detection, and compliance frameworks. However, it lacks AI and ML capabilities and is costly for our infrastructure and log ingestion. |
| Security Operations Center Analyst at mailbox.org | 4.0 | I use Wazuh as a highly customizable open-source SIEM solution that effectively addresses various client issues. Its valuable CVE helper feature is beneficial, though it requires labor-intensive maintenance due to limited AI integration, needing constant code input. |
| Tech Lead at a tech vendor with 201-500 employees | 3.5 | We integrated Wazuh with Google Cloud for data collection and anomaly detection, valuing its MITRE framework mapping. While support and integration need improvement, Wazuh offers a significant ROI by reducing detection and response times compared to previous manual audits. |
| Senior Security Information Analyst at Carbon MFB | 4.0 | I use Wazuh for SIEM, leveraging its EDR capabilities to monitor threats and ensure compliance. Its server-agent mode effectively aggregates logs, and while the latest updates have improved the interface, I haven't used other SIEM solutions like Splunk. |
| CEO at Intrust Labs | 4.0 | I use Wazuh for XDR and SIEM in my company, and I find its XDR component superior to other open-source options. However, Wazuh needs AI capabilities to remain competitive, as AI is crucial for future advancements in security solutions. |
At the moment, I'm working in software integration, so we are working with FortiGate. To research and get an idea, I did some investigation into Wazuh.
They have already used Fortinet products.
They use pretty much almost all Fortinet products including FortiGate, FortiSIEM, FortiXDR.
At the moment, they only use FortiGate and FortiSIEM.
I have worked with Wazuh before with limited experience.
Pricing-wise, Wazuh stands out, along with deployment flexibility and its documentation which is extremely good in comparison to Forti. The community support is also incredible.
They have helped quite a bit because previously, we had a separate tool and management dashboard to do our compliance. With Wazuh, we receive that information without having to do anything extra. We just set up the SIEM and all of that information was automatically populated.
The dashboards are very easy to understand and very quick with no lag or delay. I have experienced delays on Forti's dashboards, but not with Wazuh.
Wazuh is quite good. In comparison to Forti, they are quite similar. They are very good at detection.
The lack of AI features is an issue at the moment in the industry.
Forti provides user behavior capabilities, which I would want to see in Wazuh.
In FortiSIEM, they provide user behavior understanding AI capability. This is not available with Wazuh, so I would want that feature.
Both solutions have incredible performance and stability. The only issue is Forti's dashboards tend to lag, so that needs improvement.
Machine learning is needed along with understanding user behavior and behavioral patterns. That capability is something that other vendors provide that I would want to see.
I started using it less than a year ago.
Both solutions have incredible performance and are incredibly stable. The only issue is Forti's dashboards tend to lag, so that needs improvement.
Apart from pricing, there are no major considerations.
If you want to consider pricing, there is no reason to switch from Forti to Wazuh.
Wazuh differs from Forti as Forti comes in bundles that you have to pay for. With Wazuh, there is no starting payment for the SIEM itself, but you have to pay for support.
I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.
Right now, we haven't decided. We just want to explore and see what is available.
I prefer Wazuh a bit more, though both are similar.
I would rate Wazuh eight to nine out of ten.
I would rate Forti seven to eight out of ten.
Wazuh is actually better than Forti.
I have utilized the solution.
My overall rating for Wazuh is 9 out of 10.
I have been working with Wazuh for two years, and I can explain how I use Wazuh. I did not use Wazuh as a SIEM solution. I use Wazuh as a tool for services we provide. This service is called compromise assessment. I use Wazuh because Wazuh agent has EDR agent capabilities and some EDR capabilities on their agents. I use Wazuh beside some tools in my toolset. I implement deception engines using it.
Compromise assessment activity requires collecting logs and analyzing everything involved. Regarding threat detection capabilities, I speak honestly about it. When I say I use it for compromise assessment, I use it for that because Wazuh agent has great, very powerful capabilities to collect logs and correlate them against your environment to help detect threats or maybe future threats. Wazuh has an agent with EDR capabilities and some XDR capabilities also. That's why it's very good for me in terms of usage. It helps me in compromise assessment activity as a service we provide in our company.
I find the real-time dashboard in Wazuh to be very good, but I do not recommend Wazuh for day-to-day operations. I recommend it for fast activities. I do not recommend Wazuh for long-term use or building your own SOC based on it.
When we talk about functionality, the most valuable feature or function I have found in Wazuh is Wazuh EDR agent with EDR capabilities. This is the most valuable single feature in Wazuh - Wazuh agent capabilities.
In my opinion, the main benefit Wazuh provides to users is visibility into user behavior. If you use it well, taking advantage of all agent features and capabilities, and using your own rules, it will give you full visibility of user behavior and user activity through the network or the environment.
Regarding compliance, I find it not stable. I do not recommend it for that purpose. It can comply with Wazuh NCA, which we have here in Saudi Arabia. Wazuh NCA has many frameworks starting with ECC Essential Cybersecurity Controls, ending with controls about social media. They have their own frameworks and regulations, and Wazuh can comply with all Saudi regulations. However, in the long term, if you want to build a SOC center on Wazuh, I do not recommend it because it's not stable. It's not stable in the long term, especially with a huge amount of logs, day-to-day activity, or monitoring, log retention. For example, here in Wazuh ECC, we have one control we have to comply with that states you should have hot log retention for at least one year. It consumes a huge amount of resources from your storage; in a small client setup, it took more than three terabytes for me.
If I had to mention one area for improvement in Wazuh, it would be the hot log retention policies. They should reduce the volume and size of hot logs.
I have been working with Wazuh for two years.
When it comes to stability, from one to ten, I would rate Wazuh a six. Wazuh reason I give it a six is that, during compromise assessment activity, I usually finish this activity in a maximum of four weeks, and I do not feel any issues regarding stability. However, the sizing and log retention issues make the stability of this product very bad. In one year, we faced about twelve tickets regarding the system going down due to storage issues. That is not a normal number for one year.
As for scalability in Wazuh, I think it's scalable, and I would give it a seven.
Wazuh initial setup is very, very easy.
In terms of deployment, I prefer to work on-premises. Here in Saudi Arabia, there are concerns about cloud services outside Wazuh country. They want everything in Wazuh cloud but inside Saudi Arabia, not outside it. For over five years, all my implementations have been on-prem. Now we only have Google Cloud and Alibaba Cloud; we still do not have Microsoft tenant availability in Saudi Arabia, but they claim it will be available next year. However, up until now, all my implementations are on-premises, and it's very, very easy and smooth.
If you want to build it with an open-source SIEM solution, you can build it on QRadar or ELK, which are good options.
Machine learning in Wazuh is very, very good, but for your knowledge, IBM QRadar significantly improved their UBA when it comes to machine learning and AI. Their focus is almost entirely on user behavior analytics. In QRadar, they concentrate on using machine learning algorithms and AI only for UBA.
I do not work with Wazuh compliance management tools honestly.
I cannot speak about Wazuh pricing for Wazuh paid version since I do not know Wazuh price. It's totally on Wazuh client side to purchase Wazuh product. I usually use Wazuh open-source or free version because my day-to-day activities only involve providing one service that's dependent on Wazuh called compromise assessment. I use Wazuh as part of my toolset for that purpose, which includes deception engines and other tools.
My overall review rating for Wazuh is seven.
Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I completed one project where I removed malware.
The valuable features of Wazuh include being open source and having the capacity to be used for anything desired. It allows for creating new automations, whereas other Software as a Service platforms have their own business models. With this open source tool, organizations can establish their own customized setup.
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active community and dense documentation. There are many people sharing different projects of similar tasks, which is beneficial.
In the proof of concept documentation, it's a mixture of Windows, whereas they also catered to Ubuntu. I'm referring to apt and yum languages for downloading the server indexer. I downloaded in apt, but their first proof of concept is in yum, so I must change languages. This is something I do not prefer because I prefer a more uniform language. When running in production, I'm on a time crunch as time is money.
Wazuh could improve by creating videos on YouTube covering installation, use cases, and integration of third-party APIs for different scenarios that other SAAS services provide. While Wazuh provides these features, one must read their documentation thoroughly to customize it. This is a great feature, but initially, I don't have time to scan multiple items. They could make it more uniform and developer-friendly. As a software engineer, it takes considerable time, but as a businessman, I need to complete tasks quickly and need that flexibility.
Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time.
I spoke with Wazuh support today regarding a quote. I would rate Wazuh support an 8 out of 10. They responded quickly, which was crucial as I was on a time constraint.
Positive
Due to confidentiality, I cannot share specific quantifiable benefits that deploying Wazuh has brought to my company. However, it resulted in cost reduction by avoiding lump sum payments and providing the benefit of having our own system.
Wazuh is free to use, but there are licensing fees for third parties. Their consultancy fee and support fees are relatively high. On a scale of 1 to 10, I would rate their consultancy and support fees a 5.
I would be willing to provide a review for products I have experience with. I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good. I support it completely. Overall, I rate Wazuh 8 out of 10.
I use Wazuh for daily security operations mainly on EDR endpoints by installing it on the agents that we are monitoring to collect security data. It helps us monitor endpoints and know what is going on at each endpoint, and we are able to tap the data and use it in other platforms such as SOAR.
I find the threat hunting features of Wazuh most valuable, as we are more interested in the threat hunting side and want to move ahead into threat hunting before any threat becomes something that cannot be dealt with. Wazuh has a threat hunting functionality that we use extensively.
The intrusion detection capabilities work effectively in my environment, as we also have firewalls, and we rely more on the firewall side for intrusion detection.
The threat hunting features of Wazuh are particularly valuable for our operations. We focus heavily on threat hunting capabilities to address potential threats before they become unmanageable.
The intrusion detection capabilities integrate seamlessly with our existing firewall infrastructure. The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.
I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities. I hope this will be part of the new versions.
Regarding challenges with Wazuh, I cannot pinpoint specific difficulties. When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results. Sometimes what seems a challenge is just an implementation issue, and while the documentation is comprehensive, it can become overwhelming when quick information is needed for implementation.
I have been using Wazuh for about a year now.
Wazuh is easy to set up, as it's clearly defined in their documentation, with various options such as bare metal or Docker implementations. The level of documentation is superior compared to other open source products.
Sometimes issues arise with some of these tools, but because they are open source, there are limitations to what can be expected.
I would rate the stability of Wazuh a nine out of ten.
Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints. I haven't encountered issues with the engine struggling, and it's simply a matter of having enough memory to handle open search memory issues. I think they've done exceptionally in terms of scalability.
I rate the scalability of Wazuh an eight out of ten, as I haven't reached the point of struggling with it.
I would rate the setup of Wazuh a nine out of ten.
I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money, but I haven't made any comparisons since we started using Wazuh immediately.
Wazuh is completely free of charge.
I have not seen Wazuh moving in the direction of AI-driven threat detection projects myself, but since the market is moving that way, I wouldn't be surprised if they implemented it soon.
My plans to increase the usage of Wazuh or switch to another tool depend on what my boss decides.
We don't refer to any community support specifically, as we rely on other platforms such as GitHub or Discord, depending on the application.
I recommend that as more companies come on board with Wazuh, it will motivate those who contribute to it, but I am also cautious that as it gains attention, a large company might buy it and change its course of business.
Overall, I rate Wazuh a nine out of ten.
I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and evaluate Wazuh as part of my learning and work experience.
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.
I am investigating more about the community support for Wazuh. I can't provide a definitive answer yet. An issue I noticed is with tag values in certain rules not functioning properly. It's unclear if this is a design flaw or intentional. These are areas I'm still exploring.
I have been using Wazuh for about seven months.
Wazuh offers scaling options and is scalable from a mid to advanced level. However, I am still evaluating if it meets enterprise-scale requirements.
The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.
Neutral
Before Wazuh, we used market products for our needs. We are exploring other options due to Wazuh being open source.
The initial setup of Wazuh was not complex once the requirements were understood. In a POC environment, setting up took about a day and a half.
I am spearheading this POC effort. Once completed, more people will likely be involved.
There is high potential for ROI, especially for small to medium businesses comparing Wazuh to market solutions. Wazuh offers more cost-effective options without compromising on security.
Since Wazuh is open source, the pricing for support could be applicable to medium-sized companies without much issue. However, I haven't fully explored what comes with this pricing.
We have looked into the Elastic Stack and haven't explored integrating it with Wazuh since Elastic Stack is no longer open source.
I would recommend Wazuh. It's a valuable tool for security operations. On a scale of one to ten, I currently rate Wazuh as a six. I may rate it higher after more experience.
I use the solution in my company as an open-source tool and in our organization as an SIEM and XDR. We mainly use it as a SIEM tool. Moreover, we can use it with Palo Alto Networks XDR for vulnerability scanning because it provides us with vulnerability detection modules. We also use SDS and IDS frameworks as my company is a fintech. We use PCI DSS and NIST 800-53 framework, which is provided by Wazuh.
The solution's most valuable features are the SIEM modules, vulnerability detection modules, NIST 800-53, and the MITRE framework. I think these four are the most valuable core things provided by Wazuh as an open-source tool.
Wazuh currently fails to provide its users with AI and ML. From an improvement perspective, Wazuh needs to offer AI and ML to its customers. I want Wazuh to integrate with AI capabilities since it can help users do proactive monitoring.
I think scalability can be improved by using better indexer indices in Wazuh and by improving dashboarding. We can enhance Wazuh manager and Wazuh indexer.
I have been using Wazuh for more than a year. I use Wazuh version 4.7.2.
It is a stable solution. Stability-wise, I rate the solution a seven out of ten.
When it comes to stability, we have faced difficulty getting a lot of data or selecting the data from before 60 days sixteen years. Wazuh's access parts also stop responding to other users.
Scalability-wise, I rate the solution a six out of ten.
More than 100 people in my company use Wazuh.
I think Wazuh is used daily to check alerts, dashboards, and other related stuff.
I will use it in the future as a SIEM tool.
I have not received technical support for the solution. I got help from the Wazuh and Slack communities.
If one is difficult and ten means an easy setup phase, I rate the product's initial setup phase a seven out of ten. The product's initial setup phase was easy.
I have not faced any challenges during the product's installation phase. I was unable to change the admin password. The default admin password for admins couldn't be changed, and I am still unable to change my password because it does not allow me to change its admin password.
I was involved directly in the deployment process.
The solution is deployed on an on-premises model.
The solution can be deployed in a single day.
I single-handedly deployed the product.
Wazuh is an open-source tool.
After evaluations, my company has figured out that Wazuh is very expensive for our infrastructure and for the log ingestion process.
The vulnerability detection module and the MITRE framework are helpful because we are using the tool in our own data centers. The vulnerability detection module prevents us from being exploited by different vulnerabilities and different packages existing in our environment.
Wazuh's compliance management feature supports your regulatory requirements since it provides PCI DSS and NIST 800-53 framework. In general, the tool provides us with the baseline that is required.
I need two people to maintain it constantly and to monitor Wazuh so that we can resolve different types of space alerts and manage different file systems attached to it.
The tool is good, but you should be prepared to put in some manual effort to use it and also have some good technical support to perform the manual functions and operations you need in Wazuh.
I rate the tool an eight out of ten.
We use Wazuh as a SIEM solution because it is open source, highly customizable, and continually expanding. Our clients can request various solutions for their issues, which Wazuh is able to address.
One of the most valuable features of Wazuh is its capability as a CVE helper. It assists in pulling reports about active CVEs in the system. Wazuh is a SIEM tool that is highly customizable and versatile. The fact that it is open source means it is always being expanded, which is beneficial for customizing solutions for individual client requests.
There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements. This maintenance can be quite labor-intensive and time-consuming.
I have been using Wazuh for nearly three years.
The stability of Wazuh is largely dependent on maintenance. If it is well-maintained, it is stable, rating around eight to nine. Without proper maintenance, stability could drop to around five to six.
Wazuh is scalable and suitable for small to medium-sized businesses or enterprises. It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.
There is no dedicated technical support for Wazuh as it is open source. I rely on available documentation and self-support.
Positive
The initial setup of Wazuh is not more complex than any other SIEM solutions available.
I would recommend Wazuh to others. It is a good system that provides a comprehensive view of network activities when correctly set up with syslog and proper log injection. Overall, I would rate Wazuh an eight out of ten.
Our primary use case was around data collection and anomaly detection. We integrated Wazuh with Google Cloud and other cloud providers to receive alerts and insights if there is any unauthorized data access in the production environment.
We also monitor virtual machines for any malicious command execution and get notifications for any privilege access attempts. Additionally, we detect anomalies in traffic patterns related to specific client accounts.
Wazuh has provided us with excellent clarity on data access, allowing us to significantly reduce instances of unnecessary production environment access and improve processes.
We now have real-time visibility into the production environment on both cloud and critical virtual machines, which was not possible with our previous manual audits.
We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh. These components are essential for our security needs.
The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively. The integration modules are insufficiently developed, necessitating the creation of custom integration solutions using tools like Logstash and PubSub. Although they offer data fetching from Cloud Bucket as a more economical option, it was not functioning properly.
I've used the solution for four months, during which it was effectively deployed in our production environment for approximately 45 days.
The stability of Wazuh is strong, with no issues stemming from the solution itself. Any downtime we experienced was due to human error in configuration.
Scalability depends on the configuration and the infrastructure resources like compute and memory we allocate. We found scalability to be decent, as we could easily adjust our infrastructure to handle increased traffic.
We use the open-source version of Wazuh, which does not provide paid support. Although the community is active, it is not highly responsive. Conversion from issue to resolution is average.
Neutral
Before Wazuh, we relied on periodic audits, which were time-consuming and did not provide automated detection of security anomalies.
Initial setup was incredibly simple, requiring only the running of one script for a single node setup. Complexities arose during integration with Kubernetes-based workloads due to insufficient documentation.
We required only two people for both the deployment and ongoing maintenance of Wazuh.
The return on investment is visible in reduced mean time to detect from potentially three months to about an hour and mean time to respond from up to thirty days to two days.
We did not incur costs for Wazuh itself, only for the underlying infrastructure such as PubSub, storage, and compute instances, totaling around two lakh Indian rupees per month.
We evaluated Google Chronicle and Elastic-based SIEM (ELK SIEM), but Wazuh was the most cost-effective solution, being open-source with necessary compute infrastructure.
Wazuh is well-suited for small to medium-sized organizations seeking better data and security visibility for a reasonable investment. There is a learning curve due to less comprehensive documentation, but it is a beautifully designed solution.
I'd rate the solution seven out of ten.
We use Wazuh for our Security Information and Event Management (SIEM) needs. It serves as a log aggregator and provides us the capability to monitor our servers for brute force attacks and other security threats.
We use Wazuh's vulnerability management dashboard to scan our servers for vulnerabilities and ensure compliance with standards such as HIPAA and PCI DSS.
Wazuh has enhanced our security posture by providing visibility into our environment and enabling proactivity in incident response. It alerts us to any discrepancies in the environment, allowing us to respond swiftly.
Additionally, it supports features like active response, blocking potential intrusions automatically.
The most valuable feature of Wazuh is its EDR capabilities. It operates in a server-agent mode, which allows us to aggregate logs from endpoints and monitor server activities, such as vulnerability scans and compliance checks. Wazuh is open to numerous integrations with third-party tools like forensics tools, adding to its versatility.
The latest version, 4.9, has improved the interface significantly. I am yet to explore more about the update to identify further areas for improvement. So far, the recent updates have addressed most challenges we previously faced.
I have been working with Wazuh for more than three years.
Wazuh is very stable over the years, and it has consistently met our needs without issues.
Wazuh is quite scalable. We have deployed it across 20 to 30 servers. You can increase the server resources to handle more endpoints as needed.
Customer service is excellent, rated a ten out of ten. Wazuh has a vast online community on platforms like Slack and Google groups. The response time for queries is great due to the extensive community support.
Positive
I did not use other SIEM solutions beforehand. Wazuh was already in use when I joined my organization. I am aware of Splunk, which is a commercial SIEM tool, yet have not used it.
Today, even novices can deploy Wazuh due to the simplified setup process using pre-configured scripts and marketplace images for quick deployment.
Wazuh is open-source, with a free version and a commercial cloud subscription for those needing managed cloud hosting. The Wazuh Cloud requires additional licensing fees.
There's no perfect solution in security, as it's a combination of tools, people, and processes. Staying proactive is essential, particularly with AI-enhanced attacks becoming more prevalent.
I'd rate the solution eight out of ten.
I use the solution in my company for XDR and SIEM.
The solution's most valuable feature is that its XDR part provides a very good experience compared to other open-source software. Wazuh is also better than the existing XDR apps.
Wazuh needs improvement in terms of AI. All the tools, whether SIEM or other tools, are focused on AI-based areas. Wazuh should plan to integrate with the AI part.
The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh.
Considering the current technology, the entire infra will be changed for quantum computing and security. We need AI, which is drastically evolving. We needed some alignment with the AI-based Wazuh, and I believe it would be a very promising development since it would not be stable otherwise. Splunk has started working on AI-related stuff. Wazuh's XDR is very good.
I have been using Wazuh for three years. My company has a partnership with Wazuh.
The tool is very powerful, without a doubt. It is a stable tool. Wazuh is better than Splunk, and I say so since it is very suitable for small and mid-level businesses with lower data volume. Splunk is the best if we need to deal with a higher volume. I can go ahead with Splunk if it is a higher volume. When it comes to small and middle-level businesses, our organization, Wazuh, which has the lowest data volumes, is the best and most stable tool.
When it comes to scalability, there are two things to consider while scaling up Wazuh's deployment. One is that our server and infra facilities should be aligned properly. Wazuh is a scalable tool. I can say the only drawback is that one requires technical knowledge to set up and configure the tool.
The solution's technical support quality is mid-range. I rate the technical support a seven out of ten.
Neutral
It is easy to install and deploy the tool, but only an experienced person can handle such areas. It means the subject matter expert can handle the tool. It cannot be given to someone randomly as the person needs to have some expertise.
The solution is easy to maintain.
Three people can deploy the solution.
Wazuh has given some timelines for the average deployment, but I must ask my team about it.
The product price is neither too high nor too low. A lot of small players can easily adapt to Wazuh. Many are interested in adopting Wazuh in their own infrastructure.
I would say that Wazuh's threat detection capabilities are effective at around 80 percent.
Regarding compliance and integrity monitoring, I would say that the problem stems from the fact that someone who doesn't know or has any background associated with Wazuh or someone junior in the profession cannot configure the product. An experienced person should configure Wazuh, and then only we can get the settings right because it is mostly a configuration-based tool. There are a lot of things in the configuration-based part. The product offers seamless integration capabilities.
I will have to ask my team members about details related to the operational cost and security incident response time associated with the solution.
My final bottom line recommendation to others is that they should consider whether they are using small volumes, and if so, it means their organization is small or mid-sized and is using very few data volumes for which Wazuh is the best choice instead of Graylog, Splunk or some other tool. We need the expertise to set up and configure the tool properly. Expertise and knowledge should be the key thing if anybody needs to adopt the tool. Others need to consider the tool's readiness for the AI revolution.
I rate the tool an eight out of ten.
