Wazuh Reviews

We use Wazuh for PCI compliance monitoring. It can detect whether a server or PCA node is PCI compliant.

Wazuh is simple to use for PCI compliance.

Some features, like alerting, are complex with Wazuh. Setting up alerts and triggers can be difficult, and the interface could be better. Compared to other platforms, such as New Relic, Wazuh's UI could be improved. New Relic has a similar interface, but the UI updates have made it a better product.

We have certain requirements regarding monitoring and whether Wazuh is completely compliant with them. It would be helpful to know if Wazuh is a complete solution for log monitoring, including the requirements of PCA and other security aspects.

I have been using Wazuh for a couple of months. We are using the latest version of the solution.

While installing some agents, our team faced some issues. However, the stability is otherwise good. I rate the solution's stability a seven out of ten.

The solution is scalable. We've three to five users using this solution. I rate the solution's scalability a seven or eight out of ten.

Wazuh provided good support for whatever usage or issues we were facing. They were ready to support us at any point.

We have used ELK before, but it was not a complete solution for our needs. We needed to integrate it with other solutions. Wazuh seemed a more comprehensive solution, especially compared to other providers. We also tried products from a local company, but their service was not as good as Wazuh. It is also an established company. We decided to use Wazuh.

The initial setup of Wazuh is simple. The internal person sets up the application and installs the agents. They were able to do it in a day. Both setup and configuration are straightforward.

The solution's pricing is very competitive. I rate the solution's pricing a nine out of ten, where one is expensive and ten is cheap.

Overall, I rate the solution an eight out of ten.

The solution can be used for monitoring changes on the endpoint of machines. It focuses mostly on endpoints and the dangers that may come through. 

They are very good for endpoint security monitoring. 

Windows machine monitoring is good. It's very easy to track threats. 

It's very capable of finding even low-level threats on endpoint machines.

If they support a solution, it is easy to do an integration.

The solution is stable and reliable.

It can scale.

There is lots of good documentation.

The setup is easy.

I don't have any notes for new features. 

When it comes to interfacing with some other applications, it could be better. It could have better integration capabilities. They need to go towards integrating with more cloud applications and not just OS like Windows and Linux. 

I've been using the solution for seven years. 

The solution is stable and reliable. There were no bugs or glitches when I used it. I haven't used it for a while. However, I never had trouble, and we had very minimal issues. 

The solution is very scalable. It can extend well. That said, it is not a solution for banks. There could be some limitations in different sectors. 

We primarily use the solution ourselves within our own teams. 

I've never contacted technical support. Most of the documentation is helpful, and that helps me avoid reaching out. 

I stopped using Wazuh for a while. I'm not a regular user, and I am changing companies. I may be using a new product.

The solution is pretty straightforward. All solutions of this nature have a very similar setup. The length of time depends on the number of endpoint machines. 

I can often do the setup by myself. However, I sometimes ask the network engineers for support. That said, doing the installation itself only really takes one person. 

I can do the initial setup by myself. 

It's a good solution for SMEs. It may not be ideal for enterprise-level companies. 

I'd rate the solution eight out of ten. 

We're using it in our company as well as our customer's companies. 

It is usually used for SIM and log collection and licenses.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

We would like to see more improvements on the cloud. They need better cloud integration. We already have it on the latest version. However, we have yet to upgrade it. We'd like to see more overall integration support. That includes integration with cloud providers and more API-based integration, which would be helpful for lots of other integrations as well.

The active response needs to be better. I hope they create something on the front end. We have to do a lot of backend coding in Wazuh for active response. That's the major thing that we would like to see to improve it.

We've been using the solution for around one year.

The product is very stable. We have had it deployed for more than six months and we deployed that product on our premises and also on the customer's end. We haven't found any performance issues so far.

As far as I can see, it is scalable. 

We've deployed it in a Kubernetes cluster, and Wazuh works in a clustered environment. It is a cluster-aware product. We can scale it as much as we want to in the future.

Right now, our SOC Analyst team, which is around 11 to 15 people, as well as a few customers, are using the solution currently. 

Technical support is very extensive. We had a long conversation regarding some role-based access control with their team, and they were really helpful, and the support was really good, even though we were using the open-source version of that product.

We did previously use Alien Vault. There are some licensing obligations, so it's a bit difficult to maintain. We also preferred using an open-source option.

It is very easy to deploy and works well with different types of operating systems. 

They provide very good documentation, and they also have got it in containers, so it was very easy to set up.

The overall agent installation and the server installation took maybe half an hour.

We're using the open-source version, and their licensing is fairly straightforward. We do not have to worry about any other monitoring matters since we are using the pre-version.

We're customers. We're using multi-tenant and have companies that are mostly SMEs. We also have a few enterprises as well. 

My advice to new users is that you should do extensive research and need a system team in your company to deploy, configure, and set up everything. Other than that, it's a highly recommended product from our side, and we wish that this product had intel support. I hope that it improves in the future as well.

According to the use case scenario we have, I would rate it an eight out of ten.

We wanted a solution as an in-house SIEM tool, which can collect security and order logs for compliance purposes. We tried to explore a lot of tools and considering our budget and use cases, this tool matched our requirements.

We have five to seven users and we will be adding more users.

There are two features that stand out. Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to of non patches or any missing patches on that work. Second, we can configure the logs per our requirement. 

The scalability of this solution could be improved. 

We have been Wazah for the past month. 

This is a stable solution but we have only tested that for one month. 

Scalability is a challenge because it is distributed architecture and it uses Elastic DB. Their Elastic DB doesn't allow open source waste application. 

We have not reached out to the support team. We have just followed the Wazuh online documentation.

The initial setup is a little bit complex as it takes some time to understand the configurations. 

We started the implementation with the assistance of a consultant but completed it in-house. 

I would definitely recommend Wazuh to those who want a SIEM tool as a central logging system and for log management. You can complete the necessary security audits using this tool and have your security alerts configured if your system is receiving unknown attacks.

Overall, this is a fantastic tool but you will need an expert to assist with configuration. Scaling this solution is also challenging. We have not tested migrating from one server to another. 

I would rate this solution a six out of ten.

We integrated all of our services and infrastructure in the cloud with Wazuh.

I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform.

It would be better if they had a vulnerability assessment plug-in like the one AlienVault has. In the next release, I would like to have an app with an alerting mechanism.

I have been working with Wazuh for two and a half years.

Wazuh is a stable solution.

Wazuh is a scalable solution. We had 18 employees using this solution.

We had an AlienVault setup, but it does not support the cloud servers and infrastructure. Wazuh is known for cloud security event management.

It took less than ten days for the integration and to get the complete setup up and running.

Wazuh was implemented by one of my team members, who is a Wazuh expert. This employee did the complete installation and everything else.

Wazuh has a community edition, and I was using that. It's free and open source.

I would tell potential users to review the technical implementation documentation before setting up Wazuh. This is because setting up Wazuh is a little bit tricky for a newbie because they won't be able to understand the technicalities of the solution. Just go through the technical documentation and implementation documentation once before installing Wazuh.

On a scale from one to ten, I would give Wazuh a seven.

I use Wazuh as an open-source solution for SIEM and file integrity monitoring. I have conducted a few POCs in the bank sectors, as well as demos specifically regarding SIEM. 

In Pakistan, we have a state bank that controls the regularities. The banking sector wants to save money and is only interested in compliance. Our company helps them with this. Wazuh is used for file integrity monitoring on Unix, Linux, and Windows systems.

Wazuh is available on the cloud, however,  it depends on the customer. I work with the financial sector, which does not want its data to be on a public or private cloud.

I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems. 

There are three other features I find valuable. First, Wazuh helped me harden the appliances. Second, Wazuh gives me the opportunity to check the hardness through the CIS benchmarks and the other controls, such as Windows auditing policies. On the other hand, I have found it to be more useful for the PCI DSS compliance as it gives a very clear view regarding the benchmark of the PCI DSS. Last, Wazuh is most famous for the SIEM. The solution gives integrity monitoring for the specific file and updates on the real-time monitoring if the hashes change.

Wazuh has a drawback with regard to Unix systems. The solution does not allow us to do real-time monitoring for Unix systems. If usage increases, it would be a heavy fall on the other SIEM solutions or event monitoring solutions. 

We found a workaround by reducing the frequency, so it would give us some sort of real-time monitoring.

I have been using Wazuh for four months. 

Wazuh is stable, however, at the start, I did face many difficulties managing the solution. We have a private lab in our office and the server is turned down each day. At the start of the next day, I would face an issue with our Elasticsearch not completely being loaded and the Kibana not loaded.

The solution is quite scalable. 

The initial setup of Wazuh is straightforward. I was able to implement this by following the documentation. I downloaded the CentOS OS appliance, which takes a few minutes, and then another ten to twenty minutes to upload and give it the IP address and network. It takes only one integrator like me to deploy everything.

Implementation of Wazuh depends on the organization, specifically, if the organization is on Azure Active Directory, or if it's just a normal Active Directory. 

When I implement the solution, I will never go on the agent-based implementation, I will do centralized implementation which is provided by Wazuh. Using the create agent part, I have a power shell script for Windows or a different script for either Linux or Unix. 

I give the script to the administrator and request them to push it directly on the systems, so within a few seconds I can see on the Wazuh dashboards that the agents are active. This allows me to manage them through centralized groups. It would not be recommended to push every script and change every file on the final device.

Wazuh is open-source, therefore it is free. You can purchase support for $1,000 a year.

My advice to someone considering Wazuh would depend on if they are using the open-source solution or not. If they are using open-source, I recommend that they purchase the support from Wazuh. Be prepared to be patient and wait for the services to be completely up. Once it is up, you are free to use it.

I would rate this solution an eight out of ten.

Wazuh is used for event information and management. We have several events that are of interest, and Wazuh lets our folks know if any of them trigger.

My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance.

There's not much I like about Wazuh. Other products I've used were a lot more functional and user friendly. They came with reports and use cases out of the box. We need to configure Wazuh's alerts and monitoring capabilities manually. It'd be nice if we could select from templates and presets for use cases already built and coded. 

I've only been with the company since November, but I believe they've been using Wazuh for maybe five years.

I haven't had issues with stability.

Wazuh can scale up, but it doesn't scale easily. It's extensively used. We have about 30 people in our company using it. 

Wazuh is an open-source solution, so there isn't any support. We look for answers in the knowledge base and on user forums.  

I wasn't with the company during the initial installation, but Wazuh does require some maintenance. We don't have the resources to take care of it, so it tends to get out of date and require updates. We have an administrator, but maintaining Wazuh is only one of his responsibilities. 

Wazuh is open-source, but you must consider the total cost of ownership. It may be free to acquire, but you spend a lot of time and effort supporting the product and getting it to a point where it's useful. 

There are more advanced and robust offerings out there like QRadar that we should try instead of upgrading to a new version of Wazuh.

I rate Wazuh four out of 10. It can do the job, but you need to invest a lot of time configuring it for your use case.

We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. It is open-source nature, which allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.

I have been using Wazuh as an end user since 2023.

The product is stable.

The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.

I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.

The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.

The product is an open-source platform.

Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.

The solution’s maintenance is easy.

Overall, I rate the solution an eight out of ten.