Try our new research platform with insights from 80,000+ expert users
Wazuh Logo

Wazuh Reviews

Vendor: Wazuh
3.7 out of 5
Badge Ranked 1
Leave a review

What is Wazuh?

Wazuh offers comprehensive security features like MITRE ATT&CK correlation, log monitoring, and cloud-native infrastructure. It ensures compliance and provides intrusion detection with high scalability and open-source flexibility, ideal for businesses seeking robust SIEM capabilities.

Get the Wazuh Buyer's Guide and find out what your peers are saying about Wazuh, CrowdStrike Falcon, Dynatrace and more!
Wazuh is the #1 ranked solution in Log Management Software, #2 ranked solution in top Security Information and Event Management (SIEM) solutions, and #5 ranked solution in XDR Security products. PeerSpot users give Wazuh an average rating of 7.4 out of 10. Wazuh is most commonly compared to CrowdStrike Falcon: Wazuh vs CrowdStrike Falcon. Wazuh is popular among the large enterprise segment, accounting for 46% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 15% of all views.
Buyer's Guide
Wazuh
August 2025
Get the report
Helped 866,218 peers since 2012

Featured Wazuh reviews

Read more reviews

Wazuh mindshare

Product category:
Security Information and Event Manage...
As of August 2025, the mindshare of Wazuh in the Security Information and Event Management (SIEM) category stands at 11.8%, down from 16.4% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Security Information and Event Management (SIEM) Market Share Distribution
ProductMarket Share (%)
Wazuh11.8%
Splunk Enterprise Security9.4%
IBM Security QRadar7.4%
Other71.4%
Security Information and Event Management (SIEM)

PeerResearch reports based on Wazuh reviews

TypeTitleDate
CategorySecurity Information and Event Management (SIEM)Aug 29, 2025Download
ProductReviews, tips, and advice from real usersAug 29, 2025Download
ComparisonWazuh vs Splunk Enterprise SecurityAug 29, 2025Download
ComparisonWazuh vs Microsoft SentinelAug 29, 2025Download
ComparisonWazuh vs IBM Security QRadarAug 29, 2025Download
Suggested products
TitleRatingMindshareRecommending
CrowdStrike Falcon4.34.7%96%132 interviewsAdd to research
Dynatrace4.4N/A95%349 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

Wazuh offers valuable features like MITRE ATT&CK correlation, integration ease, SIEM file activity monitoring, PCI DSS compliance, and EDR capabilities. Users appreciate its open-source nature, scalability, and flexible dashboards. It excels in vulnerability detection, compliance management, and cloud integration. Its logging and monitoring capabilities, alongside built-in frameworks, make it suitable for various environments, enhancing security and compliance across Linux, Unix, and Windows systems.

  • "I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good."
  • "Overall, I rate Wazuh a nine out of ten."
  • "I would recommend Wazuh to others."

Room for Improvement

Wazuh requires improvements in its user interface for better user-friendliness and enhanced integration capabilities with various platforms. It lacks native threat intelligence and scalability for large enterprises. Users find its alerting system complex and would benefit from more AI integration. There are issues with the configuration and reporting mechanisms. Real-time monitoring and flexibility in customizing decoders are also concerns. Wazuh's documentation can be overwhelming and its support needs enhancement.
  • "Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time."
  • "When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results."
  • "There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements."

ROI

Users experienced a significant improvement in their ROI with Wazuh, noting a dramatic reduction in mean time to detect threats from three months to just an hour and a faster response time from thirty days to two days. They appreciated Wazuh's cost-effectiveness compared to other market options and its ability to provide security cost savings without compromising quality. Many found it valuable for reducing cost by eliminating lump-sum payments and maintaining an in-house system.

Pricing

Wazuh is an open-source solution, appealing to enterprises for its lack of licensing fees. While its initial cost is free, companies should consider the total ownership cost including potential support and infrastructure expenses. Managed services and cloud options are available, with support starting at $1,000 annually and approximate monthly data processing costs of $23 to $24. Despite being price-sensitive, some users find the overall pricing competitive against similar solutions.
  • "The product price is neither too high nor too low."
  • "Wazuh is an open-source tool."
  • "Wazuh is a cheaply priced product."

Popular Use Cases

Companies use Wazuh for collecting and correlating logs, monitoring security events, and managing compliance. It is employed as a SIEM tool for endpoint detection, vulnerability management, and event information management. Organizations leverage Wazuh's capabilities for regulatory compliance, threat detection, and anomaly detection. Many utilize it for alerting, auditing, and log aggregation across diverse infrastructures, including cloud and on-premise setups. Its open-source nature makes it cost-effective and highly adaptable for various security needs.

Service and Support

Wazuh offers excellent customer service with a solid support structure. Many users find community forums and documentation helpful, especially for the open-source version. Paid support is often praised despite occasional delays and engagement issues. Users generally rate the service between seven and ten out of ten. Geographical challenges and response times are noted areas for improvement, while community support on Slack and Google groups is appreciated for its promptness and effectiveness.

Deployment

Initial setup experiences with Wazuh vary. Many users find it straightforward and swift, taking anywhere from minutes to a few days, often aided by comprehensive documentation. Some report complexities, especially with larger or customized deployments, which may require skilled personnel and extended time. Maintenance following setup can be minimal, but resource allocation and updates demand attention. While straightforward for experienced users, some face challenges, particularly in advanced configurations.

Scalability

Many find Wazuh to be scalable, suitable for small to medium enterprises with the capability to manage numerous endpoints. However, some express challenges, noting the need for technical expertise and infrastructure adjustments. While some view its deployment as straightforward, others mention difficulties, particularly with large data or complex environments. Ratings vary, but many assess Wazuh's scalability positively, indicating it has room for improvements in handling larger scales or more demanding uses.

Stability

Wazuh is frequently updated, leading to occasional instability. It generally performs well, although mid-level customers note it's stable with minor glitches expected in open-source software. Users find installation straightforward but configuration challenging. Proper maintenance improves stability, while poor maintenance reduces it. Rating varies from six to nine out of ten, with most issues being due to human error or insufficient architecture, not Wazuh itself. Despite needing more maintenance, many rate its stability positively.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our Wazuh Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company SizeCount
Small Business22
Midsize Enterprise12
Large Enterprise8
By reviewers
By visitors reading reviews
Company SizeCount
Small Business2179
Midsize Enterprise1271
Large Enterprise2904
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
15%
Comms Service Provider
9%
University
8%
Manufacturing Company
7%
Government
7%
Educational Organization
7%
Financial Services Firm
6%
Retailer
5%
Healthcare Company
4%
Media Company
3%
Construction Company
3%
Hospitality Company
3%
Non Profit
3%
Real Estate/Law Firm
3%
Insurance Company
2%
Energy/Utilities Company
2%
Outsourcing Company
2%
Legal Firm
1%
Wholesaler/Distributor
1%
Transportation Company
1%
Performing Arts
1%
Consumer Goods Company
1%
Recreational Facilities/Services Company
1%
Aerospace/Defense Firm
1%
Pharma/Biotech Company
1%

Compare Wazuh with alternative products

Go!

Learn more about Wazuh

Wazuh stands out in security information and event management by providing efficient log aggregation, vulnerability scanning, and event correlation against MITRE ATT&CK. Its capability to integrate seamlessly with environments, manage compliance, and monitor files makes it suitable for cloud-native infrastructures and financial sectors. Despite its technical support needing enhancement and opportunities for improving AI integration and threat intelligence, its open-source nature and cost-effectiveness make it appealing. Users can leverage custom dashboards powered by Elasticsearch for precise data analysis, even though there is a desire for a more user-friendly interface and better enterprise solution integration. Deployment may be complex, but its features contribute significantly to fortified security postures.

What are the essential features of Wazuh?
  • MITRE ATT&CK Correlation: Aligns events with recognized adversary tactics and techniques.
  • Log Monitoring: Collects and analyzes logs for threat detection.
  • Cloud-Native Infrastructure: Supports modern cloud environments.
  • Vulnerability Scanning: Identifies potential security weaknesses.
  • File Integrity Monitoring: Ensures the integrity of sensitive files.
  • Open-Source Flexibility: Customizable and adaptable code base.
What benefits should users consider?
  • Cost-Effectiveness: Offers a budget-friendly security solution.
  • Ease of Use: Simplified setup and management.
  • Comprehensive Compliance Management: Aids in meeting regulatory requirements.
  • High Scalability: Grows with businesses and adapts to different environments.
  • Extensive Third-Party Integrations: Connects to various existing systems.

Industries like finance and cloud infrastructure heavily utilize Wazuh for its security strengths. By monitoring endpoints and ensuring compliance with frameworks, companies can improve security posture and swiftly detect anomalies. The platform's focus on event correlation and alerts for security incidents is particularly beneficial.

Wazuh was previously known as Wazuh All-In-One Deployment.

Related articles

Julia Miller - PeerSpot reviewer
Top SIEM Solutions & Success Stories: Strengthening Cybersecurity in Diverse Industries
Read more

Related questions

  • 507
What is the difference between SIEM and Next-Gen SIEM solutions?
  • 182
What Solution for SIEM is Best To Be NIST 800-171 Compliant?
  • 57
When evaluating Security Information and Event Management (SIEM), what aspect do you think is the most important feature to look for?
  • 102
What are the main differences between Nessus and Arcsight?
  • 32
What's The Best Way to Trial SIEM Solutions?
  • 139
Which is the best SIEM solution for a government organization?
  • 813
What is the difference between IT event correlation and aggregation?
  • 64
What Is SIEM Used For?
  • 40
RSA-EMC vs. other SIEM products?
  • 349
What Questions Should I Ask Before Buying SIEM?

Product Categories

Product Categories
Security Information and Event Management (SIEM)
Log Management
Extended Detection and Response (XDR)

Popular Comparisons

Popular Comparisons
CrowdStrike Falcon vs Wazuh Logo
CrowdStrike Falcon vs Wazuh
Dynatrace vs Wazuh Logo
Dynatrace vs Wazuh
Microsoft Sentinel vs Wazuh Logo
Microsoft Sentinel vs Wazuh
Datadog vs Wazuh Logo
Datadog vs Wazuh
Splunk Enterprise Security vs Wazuh Logo
Splunk Enterprise Security vs Wazuh
Darktrace vs Wazuh Logo
Darktrace vs Wazuh
SentinelOne Singularity Complete vs Wazuh Logo
SentinelOne Singularity Complete vs Wazuh
Microsoft Defender XDR vs Wazuh Logo
Microsoft Defender XDR vs Wazuh
IBM Security QRadar vs Wazuh Logo
IBM Security QRadar vs Wazuh
Cortex XDR by Palo Alto Networks vs Wazuh Logo
Cortex XDR by Palo Alto Networks vs Wazuh
Elastic Security vs Wazuh Logo
Elastic Security vs Wazuh
Grafana Loki vs Wazuh Logo
Grafana Loki vs Wazuh
Elastic Observability vs Wazuh Logo
Elastic Observability vs Wazuh
Trellix Endpoint Security Platform vs Wazuh Logo
Trellix Endpoint Security Platform vs Wazuh
Graylog vs Wazuh Logo
Graylog vs Wazuh
See all alternatives
 
Wazuh Reviews Summary
Author infoRatingReview Summary
Security Consultant at ebenezer.okoh@agorasecurity.it4.5I use Wazuh for daily security operations focused on threat hunting and intrusion detection. The system integrates well with our firewalls. I see room for improvement with AI integration, but overall, it provides cost-effective security solutions.
Cyber Security Software Engineer at a tech services company with 11-50 employees4.0I use Wazuh as a versatile open-source SIEM platform, benefiting from its customizability and cost-saving advantages. Though documentation is comprehensive, improvements are needed in uniformity and developer-friendliness. The platform effectively integrates third-party services and ranks highly for its capabilities.
Student at Dakota State University3.0I am evaluating Wazuh for file monitoring and compliance reporting. Its valuable features include cost-effective alerts and compliance tools, although improvements are needed with rule tags. Wazuh offers potential ROI compared to previous market solutions, especially for small to medium businesses.
Software Engineer at i2c Inc.4.0I use Wazuh in my company mainly as a SIEM and XDR tool. Its most valuable features include SIEM modules, vulnerability detection, and compliance frameworks. However, it lacks AI and ML capabilities and is costly for our infrastructure and log ingestion.
Security Operations Center Analyst at mailbox.org4.0I use Wazuh as a highly customizable open-source SIEM solution that effectively addresses various client issues. Its valuable CVE helper feature is beneficial, though it requires labor-intensive maintenance due to limited AI integration, needing constant code input.
Tech Lead at a tech vendor with 201-500 employees3.5We integrated Wazuh with Google Cloud for data collection and anomaly detection, valuing its MITRE framework mapping. While support and integration need improvement, Wazuh offers a significant ROI by reducing detection and response times compared to previous manual audits.
Senior Security Information Analyst at Carbon MFB4.0I use Wazuh for SIEM, leveraging its EDR capabilities to monitor threats and ensure compliance. Its server-agent mode effectively aggregates logs, and while the latest updates have improved the interface, I haven't used other SIEM solutions like Splunk.
Assistant Director at PTA4.5We use Wazuh for internal security monitoring, valuing its scalability, open-source customization, and integration capabilities. However, its reporting mechanism needs improvement to create executive-level reports more efficiently and offer standardized industry use cases.