Wazuh Reviews

We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. It is open-source nature, which allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.

I have been using Wazuh as an end user since 2023.

The product is stable.

The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.

I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.

The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.

The product is an open-source platform.

Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.

The solution’s maintenance is easy.

Overall, I rate the solution an eight out of ten.

We use the solution for event monitoring.

The tool is stable.

The rules are hard coded. The tool doesn't detect anomalies or new environments. The product lacks AI features. We have to do a lot of manual searching.

I have been using the solution for about eight months.

The tool is scalable for our use cases. Five to ten people use the solution in our organization. We need one administrator to monitor and improve our solution.

We did not contact support. Our company’s security personnel set everything and documented it.

We use Elastic Stack for logs.

The deployment was straightforward. It took two to three months. We needed two people for deployment.

We did the deployment in-house with the help of our security personnel and someone from the DevOps team.

The product is cheaper compared to other tools. Depending on the logs, the product costs $200 to $400. We currently have five servers.

We evaluated Google Cloud.

When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.

We use the solution for vulnerability metrics, auditing, and detecting SQL injection attacks.

The solution's most valuable feature is its SCA capabilities.

There could be a hardware monitoring tool for the solution. It helps reduce the cost of utilizing external resources for the same.

We have been using the solution for five to six months.

I rate the solution's scalability a ten out of ten. We have enterprise business clients.

We are currently evaluating the cost of the solution's support services.

We have multiple teams using the solution in the virtual environment. It was easy to deploy for a few teams while challenging for others.

I rate the solution's pricing a seven out of ten.

I rate the solution a seven out of ten. There needs to be monitoring for the hardware similar to Zabbix and Nagios solutions.

We use the solution for endpoint detection and response. It helps us detect malicious files.

The solution is easy to integrate with other SOC tools. Also, it has a lot of capabilities like active response, cloud security, etc.

The solution's configuration could be faster.

We have been using the solution for two months.

The solution is easy to install. However, it takes a long time to configure.

It is a stable solution.

It is an open-source solution.

I recommend the solution to others and rate it a seven. It has many features and integrates with other substitutes like QRadar, Hive, etc.

We use Wazuh for inventory, logging activity, malware detection, and detecting hidden processes running on the server. 

I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful.

Integration with Vyara could be better.

I have been using Wazuh for about three months.

Wazuh is a stable solution. We have not faced any issues yet.

The initial setup is straightforward, but we faced some challenges integrating it with Vyara. 

On a scale from one to ten, I would give the initial setup a nine.

Wazuh is free and open source.

On a scale from one to ten, I would give Wazuh an eight.

My main use case for Wazuh is checking security events.

Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source.

Wazuh needs more security features, particularly visualization features and a health monitor. In the next release, it should be easier to see the origin of events when connected to a firewall or switch. I would also like more integration with XDR and cloud-based formats like the GCO log testing system or Huawei.

I've just started using Wazuh.

Wazuh is stable.

I believe Wazuh is scalable.

I previously used Splunk and changed to Wazuh because of its lower cost.

The initial setup is easy.

Wazuh is a good solution if you want to visualize your environment. I would rate Wazuh eight out of ten.

We use Wazuh as a SIEM tool for log aggregation and understanding different compliances. If there are vulnerabilities in the operating systems, that can be traced using Wazuh.

I like that the solution is on top of the Kubernetes stack.

The biggest part that's missing is threat intelligence. It isn't inbuilt, and if a sudden incident occurs, we don't get that feedback inside the SIEM tool. That's a big gap, I see. It would be better if we could get the threat intelligence feeds integrated with the SIEM tools. That would help us push value solutions to the clients in a big way.

We have been using Wazuh for six to eight months.

Wazuh is stable after some tweaks. 

Wazuh is scalable. One of our customers is using Wazuh and has about 98 endpoints. So, we could say 98 servers, and it's been integrated.

The initial setup is straightforward. I don't see that much of a challenge, especially on the Wazuh cloud. Even Wazuh's on-prem solutions are pretty comprehensive.

It takes about three to four hours to set up Wazuh manager on-premise. After that, the client installations are very straightforward. For a client, it might take about five minutes.

We implement this solution for our clients. Maintenance and management depend on how many clients, how many different instances, or how many different projects you are maintaining. One technical staff is more than enough if it's for a single setup because there's not much maintenance required. You can set up all the policies on Wazuh itself. Like all the lifecycle management solutions, all that is inbuilt.

Wazuh is totally free and open source. There are no licensing costs, only support costs if you need them.

I would recommend this solution to potential users. It's a simple solution you can try for free, and you can get support. I would recommend Wazuh because people can test it, understand how it works, and then decide if they want to continue using it.

On a scale from one to ten, I would give Wazuh a six. 

My company specializes in providing SIEM as a service. We leverage Wazoo for that. Since Wazoo is open-source, I hosted it on Azure.

We provide Wazuh as a service to our customers. Currently, we have three clients whose environments are integrated with our Wazuh server on our CRM system. We handle the typical CRM use cases, including security alerts and advisories, and monitor their environments through our Wazuh server.

It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment. Unlike other solutions, Wazuh is open-source, so you don't need to invest in significant capital expenses. You can easily set up a server on Azure or your infrastructure. While you will need specialized personnel to operate it, this is true for any SIEM solution.

One of Wazuh's most significant advantages, aside from being open source, is its flexible dashboards. Integrated with Elasticsearch, Wazuh allows you to create customized dashboards if you have an in-house developer. This level of customization isn’t available with Fortinet, which offers only pre-made dashboards. Wazuh lets you design any dashboard you need.

Wazuh doesn't have native support for some enterprise solutions. It requires an agent installed on the server, whether Windows Server or Linux, to collect logs. While you can gather information via SNMP or Splunk logs, this isn't natively supported. Some decoders are available, but they are community-built rather than officially supported. It relies on its community to create these decoders as an open-source platform, so they may not be fully integrated.

It's pretty stable. If it's not properly implemented, you don't have stability problems if you follow the documentation and do it as detailed documentation.

Wazuh is highly scalable. You can install it on-premises, in Azure, or using Docker. The architecture allows you to separate the dashboard, index, and node servers.

Wazuh offers technical support, but you need to pay for it. If you are using the open-source solution, you'll need to rely on the extensive documentation and the community itself.

Positive

The initial setup is complicated. You need a specialist in the technology to make good use of it. You can do it on-premises. You can do it on Azure. You can do it on the hybrid cloud as a docker. So it's very flexible.

We use Azure, which we currently use as a single server. We will migrate it to our partner using Azure.

It takes two months to deploy completely.

You save on licensing, and you need to invest in people.

When Wazuh is properly implemented, it runs smoothly without causing many problems. However, if it's not set up correctly, you might encounter issues that require weekly maintenance. These can include database and disk issues because, as a VM solution, Wazuh collects a large amount of logging data. Proper implementation prevents these problems, but they can arise if you're unsure how to do it.

Overall, I rate the solution an eight out of ten.