No more typing reviews! Try our Samantha, our new voice AI agent.
Wazuh Logo

Wazuh pros and cons

Vendor: Wazuh
3.7 out of 5
Badge Leader
Leave a review

Pros & Cons summary

Wazuh excels in integration with cloud and on-premises systems, offering free features akin to premium solutions. Its compliant security features cover PCI DSS and GDPR standards, enhancing its appeal. Easy deployment and built-in modules support varied security needs, yet it lacks effective event source coverage compared to Splunk. Future releases should improve enterprise readiness, real-time threat intelligence, automation, and scalability in log management.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.
Get the report

Prominent pros & cons

PROS

Wazuh is highly valued for its integration capabilities with both cloud and on-premises environments, particularly for its seamless interaction with AWS cloud-native services.
The cost-effectiveness of Wazuh, being free with features similar to premium market solutions, is a significant advantage for many users.
Wazuh's comprehensive compliance management features fully comply with PCI DSS and GDPR standards, making it supportive in various regions.
Wazuh's extensive security features include file integrity monitoring, vulnerability scanning, host-based intrusion detection, and custom rules for detecting malicious activities.
Wazuh supports easy deployment with robust documentation and a wide range of built-in modules for various security needs.

CONS

Wazuh struggles with covering sources of events as effectively as Splunk.
The next release should target large enterprises, as they often avoid open source offerings, and Wazuh needs more robust features suited for such clients.
Threat intelligence is a significant oversight, needing in-built integration for real-time alerts and feedback in security incidents.
Scalability presents a challenge, particularly with log volume management in its on-prem version and distributed architecture utilizing Elastic DB.
Wazuh has limitations in automation for incident responses and needs enhancements in log data analysis for better detection and security.
 

Wazuh Pros review quotes

reviewer2711757 - PeerSpot reviewer
reviewer2711757
Cyber Security Software Engineer at a tech services company with 11-50 employees
Jun 3, 2025
I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good.
Read full review
Ebenezer Okoh - PeerSpot reviewer
Ebenezer Okoh
Security Consultant at ebenezer.okoh@agorasecurity.it
Jun 3, 2025
Overall, I rate Wazuh a nine out of ten.
Read full review
MohamedAdel1 - PeerSpot reviewer
MohamedAdel1
Tech Lead at a tech vendor with 51-200 employees
Dec 24, 2025
When we talk about functionality, the most valuable feature or function I have found in Wazuh is Wazuh EDR agent with EDR capabilities.
Read full review
Buyer's Guide
Wazuh
April 2026
Free Report: Wazuh Reviews and More
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,244 professionals have used our research since 2012.
Sandip_Patel - PeerSpot reviewer
Sandip_Patel
Student at Dakota State University
Nov 22, 2024
Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs.
Read full review
MS
Muhammad_Saad
Software Engineer at i2c Inc.
Jul 10, 2024
The product's initial setup phase was easy.
Read full review
SC
Sean-Cox
Security Operations Center Analyst at mailbox.org
Feb 28, 2025
I would recommend Wazuh to others.
Read full review
reviewer2590542 - PeerSpot reviewer
reviewer2590542
Tech Lead at a tech vendor with 201-500 employees
Nov 4, 2024
We found the MITRE framework mapping and the agent enrollment service to be the most valuable features of Wazuh.
Read full review
Godwin Edmond - PeerSpot reviewer
Godwin Edmond
Senior Security Information Analyst at Carbon MFB
Oct 21, 2024
The most valuable feature of Wazuh is its EDR capabilities.
Read full review
NH
NoorulHussain
CEO at Intrust Labs
Jul 11, 2024
The solution is easy to maintain.
Read full review
SyedAli17 - PeerSpot reviewer
SyedAli17
Assistant Director at PTA
Sep 25, 2023
Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms.
Read full review
Show 10 more reviews (out of 49)
 

Wazuh Cons review quotes

reviewer2711757 - PeerSpot reviewer
reviewer2711757
Cyber Security Software Engineer at a tech services company with 11-50 employees
Jun 3, 2025
Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time.
Read full review
Ebenezer Okoh - PeerSpot reviewer
Ebenezer Okoh
Security Consultant at ebenezer.okoh@agorasecurity.it
Jun 3, 2025
When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results.
Read full review
MohamedAdel1 - PeerSpot reviewer
MohamedAdel1
Tech Lead at a tech vendor with 51-200 employees
Dec 24, 2025
However, in the long term, if you want to build a SOC center on Wazuh, I do not recommend it because it's not stable.
Read full review
Buyer's Guide
Wazuh
April 2026
Free Report: Wazuh Reviews and More
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: April 2026.
DOWNLOAD NOW
893,244 professionals have used our research since 2012.
Sandip_Patel - PeerSpot reviewer
Sandip_Patel
Student at Dakota State University
Nov 22, 2024
An issue I noticed is with tag values in certain rules not functioning properly.
Read full review
MS
Muhammad_Saad
Software Engineer at i2c Inc.
Jul 10, 2024
Wazuh currently fails to provide its users with AI and ML.
Read full review
SC
Sean-Cox
Security Operations Center Analyst at mailbox.org
Feb 28, 2025
There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements.
Read full review
reviewer2590542 - PeerSpot reviewer
reviewer2590542
Tech Lead at a tech vendor with 201-500 employees
Nov 4, 2024
The support channel is not optimal, and extensive research is required on our part to implement Wazuh effectively.
Read full review
Godwin Edmond - PeerSpot reviewer
Godwin Edmond
Senior Security Information Analyst at Carbon MFB
Oct 21, 2024
So far, the recent updates have addressed most challenges we previously faced.
Read full review
NH
NoorulHussain
CEO at Intrust Labs
Jul 11, 2024
The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh.
Read full review
SyedAli17 - PeerSpot reviewer
SyedAli17
Assistant Director at PTA
Sep 25, 2023
One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs.
Read full review
Show 10 more reviews (out of 49)

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
SentinelOne Singularity Endpoint vs Wazuh Logo
SentinelOne Singularity Endpoint vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Cribl vs Wazuh Logo
Cribl vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
TrendAI Vision One vs Wazuh Logo
TrendAI Vision One vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
See all alternatives

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
SentinelOne Singularity Endpoint vs Wazuh Logo
SentinelOne Singularity Endpoint vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Cribl vs Wazuh Logo
Cribl vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
TrendAI Vision One vs Wazuh Logo
TrendAI Vision One vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
See all alternatives
Related questions
  • 477
What is the difference between SIEM and Next-Gen SIEM solutions?
  • 184
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 166
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 143
What are the main differences between Nessus and Arcsight?
  • 163
What's The Best Way to Trial SIEM Solutions?
  • 162
Which is the best SIEM solution for a government organization?
  • 476
What is the difference between IT event correlation and aggregation?
  • 136
What Is SIEM Used For?
  • 121
RSA-EMC vs. other SIEM products?
  • 227
What Questions Should I Ask Before Buying SIEM?