AKASH MAJUMDER - PeerSpot reviewer
SOC Analyst at OVELOSEC
Real User
Open-source platform with custom alerting
Pros and Cons
  • "Wazuh offers an enhanced HDR version that outperforms its competitors."
  • "While it is scalable, it can suffer from reduced latencies."

What is our primary use case?

Our main use case for Wazuh is in the healthcare industry, where we deploy it to help companies monitor their products during deployment. However, we also utilize Wazuh for IoT and OT, as well as for endpoint detection and response.

How has it helped my organization?

In our company, around 200-300 people are using Wazuh. Most of them are regular employees, such as HR and IT personnel. Additionally, there are some stock traders who also use the solution.

What is most valuable?

There are three key strengths of Wazuh that stand out to me. 

Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.

Secondly, Wazuh comes with built-in frameworks, such as the NIST and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.

Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

What needs improvement?

One area where Wazuh could be improved is scalability. While it is scalable, it can suffer from reduced latencies.

In the next release, I would like to see a more seamless combination of a SIEM system. However, the current SIEM system can be noisy at times, resulting in false positives instead of true positives. In comparison, Splunk has been able to reduce the number of false positives in its system.

Buyer's Guide
Wazuh
March 2025
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
845,406 professionals have used our research since 2012.

For how long have I used the solution?

As a stock analyst, I have been using Wazuh as my preferred solution for the past three and a half years, and I am currently using the latest version available.

What do I think about the stability of the solution?

I would rate the stability of Wazuh a six out of ten. At times, there have been issues with bugs in the configuration, which can lead to unexpected use cases.

What do I think about the scalability of the solution?

I would rate the scalability of Wazuh a seven out of ten because it cannot perform deep data analysis.

How are customer service and support?

A few years back, when I deployed Wazuh for the first time, there was no cloud model available, so they didn't offer support for on-premises deployments. However, with the cloud model now in place, the support is much better. That being said, the customer service and support still require improvement.

How would you rate customer service and support?

Neutral

How was the initial setup?

I found it to be more straightforward compared to other products like Splunk and Scalyr.

You can get started within five minutes.

What about the implementation team?

Deploying Wazuh can be done by one person, but for proper configuration within a specific use case, it is recommended to have at least three to four experienced individuals involved in the deployment process.

What was our ROI?

I have a level three analyst on my team, and as a stock analyst, I am aware that they also offer an MSP program that provides partnership offerings and other related services. However, I am not very familiar with it.

What's my experience with pricing, setup cost, and licensing?

Wazuh's licensing is based on the cloud. For instance, if you need to analyze a chunk of data, the approximate monthly price would be around $23 to $24.

Compared to its competitors like ELK Stack and other similar products, Wazuh offers a reasonable price point, with many of its competitors priced higher.

Which other solutions did I evaluate?

I have used Splunk.

What other advice do I have?

Based on the current market trend, I would highly recommend Wazuh to other users. It is an open-source tool that is highly scalable and provides custom alerting features that are not available from most other vendors. While ELK stack is the only other comparable open-source option, Wazuh's advanced capabilities make it a strong contender.

In general terms, if you're looking for a scalable and efficient SIEM solution that provides accurate alerting without too much noise, I would confidently recommend Wazuh to nine out of ten users.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Informatics Engineering Lecturer at Innovation Center STMIK AMIKOM
Real User
Top 20
Affordable and powerful tool for malware detection
Pros and Cons
  • "It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection."
  • "Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality."

What is our primary use case?

The primary use case for Wazuh is the detection of malware.

What is most valuable?

It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.

What needs improvement?

Improving the abilities related to security threat mapping, such as threat map landscape visualization, would be a great benefit. Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality.

For how long have I used the solution?

I have been working with it for two years.

What do I think about the stability of the solution?

I would rate the stability eight out of ten.

Which solution did I use previously and why did I switch?

I used Azure documentation and report storage, while researching other internet resources to gain a broader perspective on different product capabilities that are available for learning and deployment needs. Wazuh offers excellent features.

What's my experience with pricing, setup cost, and licensing?

When I contacted customer care, they mentioned bundling options, which I found to be affordable overall.

What other advice do I have?

I would recommend this product to other users in the field of cybersecurity. It provides enhanced network security and many useful features. It is easy to use, with a pricing structure that is more affordable compared to other options. I would rate it eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PubuduWijerathne - PeerSpot reviewer
Systems Administration Engineer at 5G Networks Ltd
Real User
Top 20
Enables us to monitor server changes like password changes and account privilege changes
Pros and Cons
  • "Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitor endpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories. Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports."
  • "I want more support for regional compliance standards to serve my ANZ region customers better."

What is our primary use case?

We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers. 

My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.

What is most valuable?

Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitor endpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.

Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.

What needs improvement?

I want more support for regional compliance standards to serve my ANZ region customers better.

For how long have I used the solution?

I have been using Wazuh for the past three years.

What do I think about the stability of the solution?

Regarding stability, I would rate it a seven out of ten. It needs improvements, especially compared to products like IBM QRadar and other cloud-based solutions.

What do I think about the scalability of the solution?

I rate the scalability of Wazuh as a four out of ten. While my customers are generally satisfied and do not have highly critical requirements, I see areas for improvement as a technical person.

How are customer service and support?

The technical support for Wazuh's licensed products is decent. Sometimes, there are delayed response and resolution times, which can be frustrating. 


How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was somewhat challenging for us, especially when we tried to do it independently. We faced some implementation issues but found solutions indicating ongoing product improvements. Sometimes, we face compatibility issues with certain industry products, requiring custom solutions, which can be a bit of a headache. However, we've managed to address these challenges over time. I would rate the setup process a five out of ten.

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

What other advice do I have?

Overall, I would rate Wazuh as seven out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: msp
Idris Aliyu - PeerSpot reviewer
Senior Systems Engineer at an insurance company with 201-500 employees
Real User
Top 10
Easy to deploy in many environments, but it needs to strengthen key features like threat intelligence
Pros and Cons
  • "The main thing I like about it is that it has an EDR."
  • "I have yet to find the same capability in Wazuh to get logs from different sources into the system"

What is our primary use case?

Wazuh is very good. It offers the ability to measure and benchmark your environment to one of the standards. We installed it on the customer's premises and benchmarked it against CIS controls. We are not in a big environment, and we haven't tested Wazuh for long.

What is most valuable?

The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.

What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.

What needs improvement?

I have yet to find the same capability in Wazuh to get logs from different sources into the system. I haven't been able to explore that.

There are many functions I want to add. For example, I want to get feeds from different places through threat intelligence. If the feature is there, it needs to be matured. Threat intelligence is key to the use case I've deployed the solution for. It would be good if Wazuh correlated it with the internal and external feeds. Integrating Wazuh with other platforms is a key aspect.

For how long have I used the solution?

I recently started using Wazuh. It's been about two months.

What do I think about the stability of the solution?

I rate Wazuh's stability a seven out of ten. It's stable. It's been working so far, and I have no reason to complain.

What do I think about the scalability of the solution?

We have 20 endpoints on Wazuh and two or three administrators for now managing the solution.

Which solution did I use previously and why did I switch?

I used an old SIEM before Wazuh. Wazuh is more stable. I preferred Wazuh because it's open source. The old SIEM is closing in on the product, though.

How was the initial setup?

The initial setup is really simple. It took three hours to deploy Wazuh.

What about the implementation team?

I implemented Wazuh myself since I'm an experienced administrator.

What's my experience with pricing, setup cost, and licensing?

We use the free version of Wazuh. We will eventually move on to the commercial version.

Which other solutions did I evaluate?

I did some research, but I didn't test. The research was based on user opinions. I saw that most people have tested Wazuh. You can easily get resources online to help you to use the product. Wazuh is getting more popular. If you have a problem, you are not on your own.

Another solution we evaluated was Security Onion, but it was based on a platform that may be at the end of its life, which is Linux Red Hat. Linux Red Hat seems to be on shaky ground, and we don't know where it's headed. We wanted something that provides a roadmap that is not ending soon.

What other advice do I have?

We're still in a test phase with Wazuh. I'm testing integration with the other tools that we are using in a clustered environment. We can adapt the solution on the way forward.

I rate Wazuh a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Gerard Konan - PeerSpot reviewer
Founder & CEO at AGILLY
Reseller
Top 5
A stable solution with an intuitive interface that enables users to search logs easily
Pros and Cons
  • "The product’s interface is intuitive."
  • "The implementation is very complex."

What is most valuable?

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

What needs improvement?

The implementation is very complex.

For how long have I used the solution?

We are resellers of the product.

What do I think about the stability of the solution?

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

What do I think about the scalability of the solution?

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

How are customer service and support?

Our customers get technical support from us. They do not receive support from Wazuh.

How was the initial setup?

We need very skilled staff to implement the tool.

What about the implementation team?

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

What's my experience with pricing, setup cost, and licensing?

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

What other advice do I have?

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
AliAhangari - PeerSpot reviewer
Founder and CTO at Soorin
Real User
A total, open-source solution but the initial setup can be a bit complex
Pros and Cons
  • "It's stable."
  • "The deployment is a bit complex."

What is our primary use case?

We primarily use the solution as a cybersecurity monitoring solution. It has a powerful endpoint agent and can work as an EDR for endpoint detection and response. 

We gather information about the company and identify data sources. We develop a use case around them and have a specified case output. For example, if we want to do hard test or service scans, we gather some event logs from the firewalls, et cetera, and develop some logic. The logic will help us detect anomalies during hard scans. We use Wazuh for log extraction and logic application. It is a general framework. 

What is most valuable?

We like the fact that it is open-source and free to use. 

It is a total solution. We don't have to spend money, and we get almost everything we need from one source. 

It's stable.

The solution can scale. 

What needs improvement?

My understanding is the latest version, eight, can't support the latest version of Elasticsearch.

The older versions do not support EQ query syntax. There need to be more languages on offer. 

They need to improve collation detection.

The deployment is a bit complex. 

What do I think about the stability of the solution?

The performance is very good. It's reliable. It's better than Splunk. I'd rate the stability eight out of ten. 

What do I think about the scalability of the solution?

The solution is scalable. I'd rate the ability to scale nine out of ten.

We have 13 people using the solution, and we provide some services to different companies. We work as an MSP.

How are customer service and support?

I can't speak to support. We have some limitations when it comes to receiving support. We cannot directly contact the company as we are in Iran. 

Which solution did I use previously and why did I switch?

I am also familiar with Splunk. I find this product to offer better performance. Splunk is also a commercial solution. It is not open-source.

How was the initial setup?

The solution offers a complex deployment. We wanted to divide it up and set different modules on different machines. That made it a bit more difficult. 

I'd rate the ease of setup six out of ten. While for smaller setups, the situation may be more straightforward, for larger enterprise-level setups, it can get complex. 

The deployment happens across many phases. There's the identification of scope, assets, and communication. Then, you need to deploy to a basic cluster. After that, you need to collect logs from various areas of the organization. Then, there's the normalization and parsing of event logs and verification processes. 

We managed a deployment with three people. However, a higher-level installation would likely need more people. We only need two or three people to handle maintenance for 24/7 coverage. If we drop that to work hours only, we need one or two people to cover maintenance. 

What's my experience with pricing, setup cost, and licensing?

The solution is open-source. We do not have to pay for a license. 

What other advice do I have?

I'm an end-user.

We are not using the latest version of the solution as it may not be compatible with Elasticsearch. We use version seven. 

I'd highly recommend the solution to others. I'd rate it seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Principal Architect at Calsoft
Real User
The file integrity monitoring features are solid, but log analysis could be improved.
Pros and Cons
  • "The configuration assessment and file integrity monitoring features are decent."
  • "Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc."

What is our primary use case?

Our primary use case for Wazuh is monitoring endpoints. The second is incident management. Logging is essential for us because Indian IT compliance rules require us to store logs for 180 days. We need to monitor and maintain logs also. 

Wazuh is monitoring around 1,200 inputs, but there are only about four or five members of the IT team directly using the solution. 

What is most valuable?

The configuration assessment and file integrity monitoring features are decent.

What needs improvement?

Log data analysis could be improved. My IT team has been looking for an alternative because they want better log data for malware detection. We are also doing more container implementation, so we need better container security, log data analysis, auditing and compliance, malware detection, etc. 

Overall, the implementation part of Azure is tricky. It can be simplified and automated more to shorten the deployment timeline, so we can immediately onboard the application. The entire implementation process should be user-friendly.

For how long have I used the solution?

We implemented Wazuh in 2019.

What do I think about the stability of the solution?

I rate Wazuh six out of 10 for stability. While we haven't seen any incidents lately, it used to crash a few years back. The dashboard would be inaccessible due to some service failure or something. 

What do I think about the scalability of the solution?

I rate Wazuh eight out of 10 for scalability.

How are customer service and support?

We use community forums like Stack Overflow to find answers. Most debugging and troubleshooting processes are readily available online. 

How was the initial setup?

Setting up Wazuh is complex. The deployment involved two IT engineers and took about two months.

What about the implementation team?

We deployed Wazuh. 

What's my experience with pricing, setup cost, and licensing?

Wazuh is a free solution. 

Which other solutions did I evaluate?

We tried to replace Wazuh with a CrowdStrike real-time security solution. We also tried some solutions from one of our vendors. We want to move to either Elastic or CrowdStrike.

What other advice do I have?

I rate Wazuh six out of 10. It's a solid open-source. Stability-wise, Wazuh seems to have fixed all the past issues, and the latest version is possibly the most stable. However, they need to add more features to keep up with the competition. Compared to products like Elastic, Wazuh still lacks a lot of in-depth information. It's still not possible to do a dive, and the configuration could be easier.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
David Arianto - PeerSpot reviewer
Chief Operating Officer at PT. Visionet Data Internasional
Real User
Top 20
Cost-effective solution with robust stability for threat detection and compliance
Pros and Cons
  • "Its cost-effectiveness is the most valuable aspect."
  • "The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement."

What is our primary use case?

We use it as a cost-effective solution for our customers who are in the initial stages of adopting security measures. Many of these customers are new to security practices and are primarily seeking compliance with regulations.

What is most valuable?

Its cost-effectiveness is the most valuable aspect.

What needs improvement?

There is room for improvement in terms of simplifying the deployment process. In addition, it would be beneficial if Wazuh focused on expanding its offensive modules as the primary enhancement. Another valuable development would be the introduction of a Security Orchestration, Automation, and Response capability. It could work on further developing its threat intelligence offerings as the third priority.

For how long have I used the solution?

I have been using it for two years.

What do I think about the stability of the solution?

We haven't faced any issues or challenges regarding its stability.

How are customer service and support?

One of the challenges we face in Indonesia is the time zone difference when seeking support. The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I have experience with IBM QRadar. The key distinction between them and Wazuh is the presence of additional modules in IBM QRadar that are not found in Wazuh. IBM QRadar provides Security Orchestration Automation and Response capabilities, while Wazuh does not offer this feature.

How was the initial setup?

The initial setup is relatively smooth and typically takes approximately one week to complete.

What about the implementation team?

For the deployment process, I usually allocate one or two individuals. The first person is an infrastructure engineer, and the second is a Wazuh administrator. The deployment process involves several phases. The initial step is the assessment phase, where we evaluate the customer's assets, such as the number and types of assets and the specific logs they want to send. The second step involves implementing the assessment data and configuring it in the Wazuh engine. After completing the implementation, we move to the third phase, which focuses on operational tasks. In cases where a customer has new assets and there are no existing templates for parsing the data, our team needs to manually create these parsing templates. I would rate it six out of ten.

What's my experience with pricing, setup cost, and licensing?

It is a cost-effective solution.

What other advice do I have?

When customers prioritize enhanced security and rapid cyberattack detection, and they have a more substantial budget to work with, I typically recommend IBM QRadar. For customers who are still in the early stages of security adoption, Wazuh is my preferred suggestion. It is a suitable choice for smaller companies, as larger organizations, particularly those in the financial industry, tend to have more experienced and knowledgeable security teams. Overall, I would rate it eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner