Wazuh All-In-One Deployment
Offers an open-source version and is useful for its SIEM and XDR features
What is our primary use case?
I use the solution in my company as an open-source tool and in our organization as a SIEM and XDR. We mainly use it as a SIEM tool. Moreover, we can use it with Palo Alto Networks XDR for vulnerability scanning because it provides us with vulnerability detection modules. We also use SDS and IDS frameworks, as my company is a fintech. We use the PCI DSS and NIST 800-53 frameworks, which are provided by Wazuh.
What is most valuable?
The solution's most valuable features are the SIEM modules, vulnerability detection modules, NIST 800-53, and the MITRE framework. I think these four are the most valuable core things provided by Wazuh as an open-source tool.
What needs improvement?
Wazuh currently fails to provide its users with AI and ML. From an improvement perspective, Wazuh needs to offer AI and ML to its customers. I want Wazuh to integrate with AI capabilities since it can help users do proactive monitoring.
I think scalability can be improved by using better indexer indices in Wazuh and by improving dashboarding. We can enhance Wazuh manager and Wazuh indexer.
For how long have I used the solution?
I have been using Wazuh for more than a year. I use Wazuh version 4.7.2.
What do I think about the stability of the solution?
It is a stable solution. Stability-wise, I rate the solution a seven out of ten.
When it comes to stability, we have faced difficulty getting a lot of data or selecting data from before 60 days. Wazuh's access parts also stop responding to other users.
What do I think about the scalability of the solution?
Scalability-wise, I rate the solution a six out of ten.
More than 100 people in my company use Wazuh.
I think Wazuh is used daily to check alerts, dashboards, and other related stuff.
I will use it in the future as a SIEM tool.
How are customer service and support?
I have not received technical support for the solution. I got help from the Wazuh and Slack communities.
How was the initial setup?
If one is difficult and ten means an easy setup phase, I rate the product's initial setup phase a seven out of ten. The product's initial setup phase was easy.
I have not faced any challenges during the product's installation phase. I was unable to change the admin password. The default admin password couldn't be changed, and I am still unable to change it because the product does not allow the admin password to be changed.
I was involved directly in the deployment process.
The solution is deployed on an on-premises model.
The solution can be deployed in a single day.
What about the implementation team?
I single-handedly deployed the product.
What's my experience with pricing, setup cost, and licensing?
Wazuh is an open-source tool.
Which other solutions did I evaluate?
After evaluations, my company has figured out that Wazuh is very expensive for our infrastructure and for the log ingestion process.
What other advice do I have?
The vulnerability detection module and the MITRE framework are helpful because we are using the tool in our own data centers. The vulnerability detection module prevents us from being exploited by different vulnerabilities and different packages existing in our environment.
Wazuh's compliance management feature supports your regulatory requirements since it provides PCI DSS and NIST 800-53 framework. In general, the tool provides us with the baseline that is required.
I need two people to maintain it constantly and to monitor Wazuh so that we can resolve different types of space alerts and manage different file systems attached to it.
The tool is good, but you should be prepared to put in some manual effort to use it and also have some good technical support to perform the manual functions and operations you need in Wazuh.
I rate the tool an eight out of ten.
Enables us to monitor server changes like password changes and account privilege changes
What is our primary use case?
We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers.
My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.
What is most valuable?
Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitor endpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.
Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.
What needs improvement?
I want more support for regional compliance standards to serve my ANZ region customers better.
For how long have I used the solution?
I have been using Wazuh for the past three years.
What do I think about the stability of the solution?
Regarding stability, I would rate it a seven out of ten. It needs improvements, especially compared to products like IBM QRadar and other cloud-based solutions.
What do I think about the scalability of the solution?
I rate the scalability of Wazuh as a four out of ten. While my customers are generally satisfied and do not have highly critical requirements, I see areas for improvement as a technical person.
How are customer service and support?
The technical support for Wazuh's licensed products is decent. Sometimes, there are delayed response and resolution times, which can be frustrating.
Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was somewhat challenging for us, especially when we tried to do it independently. We faced some implementation issues but found solutions indicating ongoing product improvements. Sometimes, we face compatibility issues with certain industry products, requiring custom solutions, which can be a bit of a headache. However, we've managed to address these challenges over time. I would rate the setup process a five out of ten.
What other advice do I have?
Overall, I would rate Wazuh as seven out of ten.
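The Windows account-change monitoring described in the review above (password changes, account privilege changes), worked through as an added example. This is not Wazuh's code and not the reviewer's. It assumes alerts in the shape Wazuh's Windows eventchannel decoder produces (`data.win.system.eventID`, `data.win.eventdata.*`, `agent.name`); the sample alerts, the privileged-group and privileged-account lists, and the severity mapping are all constructed for the illustration:

```python
"""Triage of Windows Security events that indicate account or privilege changes.

Added example, not Wazuh's own code. Field paths follow the shape of a Wazuh
alert for a Windows eventchannel event (assumed: data.win.system.eventID,
data.win.eventdata.*, agent.name). Sample alerts below are constructed.
"""

# Well-known Security log event IDs for account management, with a base severity (mapping assumed).
ACCOUNT_CHANGE_EVENTS = {
    "4720": ("account_created", "medium"),
    "4726": ("account_deleted", "medium"),
    "4723": ("password_change_own", "low"),          # user changed their own password
    "4724": ("password_reset_by_other", "medium"),   # password reset on another account
    "4728": ("group_member_added", "medium"),        # security-enabled global group
    "4732": ("group_member_added", "medium"),        # security-enabled local group
    "4756": ("group_member_added", "medium"),        # security-enabled universal group
    "4729": ("group_member_removed", "low"),
    "4733": ("group_member_removed", "low"),
    "4757": ("group_member_removed", "low"),
    "4672": ("special_privileges_logon", "low"),     # very noisy; deliberately kept low
}

# Groups and accounts whose changes are escalated to high severity (lists assumed).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}
PRIVILEGED_ACCOUNTS = {"Administrator", "krbtgt"}

SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


def _get(obj, path, default=None):
    """Walk a dotted path through nested dicts; return default when any key is missing."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return default
        obj = obj[key]
    return obj


def classify_event(alert):
    """Return a finding dict for an account/privilege change, or None for anything else."""
    event_id = str(_get(alert, "data.win.system.eventID", ""))
    if event_id not in ACCOUNT_CHANGE_EVENTS:
        return None
    kind, severity = ACCOUNT_CHANGE_EVENTS[event_id]
    actor = _get(alert, "data.win.eventdata.subjectUserName", "?")
    target = _get(alert, "data.win.eventdata.targetUserName", "?")
    member = _get(alert, "data.win.eventdata.memberName")
    # For group membership events the "target" is the group; escalate privileged groups.
    if kind in ("group_member_added", "group_member_removed") and target in PRIVILEGED_GROUPS:
        severity = "high"
    # A password reset performed on a privileged account deserves the same attention.
    if kind == "password_reset_by_other" and target in PRIVILEGED_ACCOUNTS:
        severity = "high"
    return {
        "host": _get(alert, "agent.name", "?"),
        "event_id": event_id,
        "kind": kind,
        "severity": severity,
        "actor": actor,
        "target": target,
        "member": member,
    }


def triage(alerts):
    """Classify a batch of alerts and order the findings by severity (high first)."""
    findings = [f for f in map(classify_event, alerts) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f["severity"]])


def _win(event_id, **eventdata):
    """Build a constructed alert in the assumed Wazuh eventchannel shape."""
    return {"agent": {"name": "dc01"},
            "data": {"win": {"system": {"eventID": str(event_id)}, "eventdata": eventdata}}}


# Constructed sample: what a domain controller agent might forward during one helpdesk shift.
SAMPLE_ALERTS = [
    _win(4724, subjectUserName="helpdesk1", targetUserName="jdoe"),
    _win(4723, subjectUserName="jdoe", targetUserName="jdoe"),
    _win(4728, subjectUserName="svc-backup", targetUserName="Domain Admins",
         memberName="CN=Eve Adams,OU=Staff,DC=corp,DC=example"),
    _win(4732, subjectUserName="helpdesk1", targetUserName="Remote Desktop Users",
         memberName="CN=Bob Lee,OU=Staff,DC=corp,DC=example"),
    _win(4624, subjectUserName="-", targetUserName="jdoe"),   # plain logon: not an account change
    _win(4724, subjectUserName="svc-backup", targetUserName="Administrator"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ALERTS):
        print(f["severity"], f["host"], f["event_id"], f["kind"], f["actor"], "->", f["target"], f["member"] or "")
```

These events only reach Wazuh if the domain controller's audit policy enables "Audit User Account Management" and "Audit Security Group Management" (the Account Management category of the advanced audit policy) and the agent collects the Security channel; 4672 fires on every administrative logon, so it is kept at low severity here and is usually better suppressed than alerted on.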
Access UI issue
Can't access the UI with the credentials you provide after installing the "Wazuh All-In-One Deployment". The instruction guide is not updated, I guess.
Has efficient integration features, but they could provide enhanced customization capabilities
What is our primary use case?
We use Wazuh to deliver security features in a venture capital company project focused on building a mobile application.
What needs improvement?
They could include flexibility and customization capabilities by modifying for customers based on partner agreements. They could enhance governance-related tools for audit reports.
We conducted a cost-benefit evaluation and compared Wazuh with Sentinel and FortiCM. The decision to choose Wazuh was influenced by its compatibility with other systems and the strong open-source community.
In comparison, Microsoft has a huge community, but it needs to be easy to use. Additionally, FortiCM needs better community support.
For how long have I used the solution?
We are using the latest version of Wazuh.
What do I think about the stability of the solution?
We have not encountered any performance issues for the application up until now. I rate the stability an eight out of ten.
What do I think about the scalability of the solution?
The product is easily scalable. We have around 20 executives using it daily. Our work on the use cases is still in progress.
How are customer service and support?
We contact a third-party supplier for technical support. They provide seamless services and resolve issues by the next day most of the time.
Which solution did I use previously and why did I switch?
I was a part of a service team using Splunk. I have experience working with Symantec Endpoint.
How was the initial setup?
I rate the initial setup process a seven out of ten.
What about the implementation team?
The implementation of Wazuh is done through a local third-party supplier, but the management and overall engagement with the company are handled in-house. The third-party supplier provides hardware provision, field engineers, and devices, with the day-to-day management and operations handled remotely.
There were some slight problems related to the images being used. However, these issues were attributed to infrastructure considerations rather than specific to Wazuh. Once the correct image was selected, the installation process for the first server during the proof of concept, which involved comparing Sentinel and other solutions, was completed relatively quickly—approximately one day.
It might require a team for regular patch management and vulnerability scanning. We have yet to start with the maintenance.
What's my experience with pricing, setup cost, and licensing?
For both personal and service use, the perceived cost is relatively low. They have a good pricing strategy for market expansion.
I rate the product's pricing a three out of ten.
Which other solutions did I evaluate?
We evaluated Sentinel.
What other advice do I have?
We are currently running a proof of concept and simulating usage with a select group of users as required by local bank licensing. It is utilized for vulnerability management. Up to this point, there have been minor incidents with no risks higher than moderate. Despite not needing immediate reaction, we have automation in place within our SOC and development team to respond in case of any recognized incidents.
One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability. Although it has yet to be fully implemented into production and is currently in a test environment, the decision to choose Wazuh was influenced significantly by this feature. It helps us streamline and automate the assessment of security incidents. We can organize response plans proactively, even before certain incidents occur. It is the most critical aspect for us.
There were initial challenges with the real-time alerting team due to the many systems-generated alerts. It took about three months to fine-tune the system configuration, focusing on capturing only the alarms relevant from a security perspective. Despite the initial difficulties, Wazuh worked seamlessly, and there were no notable issues with configurations, handling, or investigations. The challenges primarily occurred from system-related aspects rather than issues with Wazuh.
I do not have direct experience with scalability requirements, but the implementation has been seamless. There are no challenges in scaling up, especially regarding adding more machines to handle the same load. The challenge is delivering logs so that Wazuh can collect, read, and analyze them effectively. We were able to overcome major issues without the need for extensive support.
Wazuh has been integrated with an intrusion prevention system (IPS) solution, Suricata, also an open-source tool. This integration adds a layer for security monitoring. The integration process is quite straightforward, especially due to the community's availability of shared use cases.
I rate the product a seven out of ten.
A flexible solution that can be used for instant response, security operations, and compliance
What is our primary use case?
We use Wazuh for internal testing, instant response, security operations, and compliance.
What is most valuable?
Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation.
What needs improvement?
At the moment, we haven't tried the cloud version yet. My customers are mostly into the cloud. Wazuh should come up with more in-built rules and integrations for the cloud.
For how long have I used the solution?
I have been using Wazuh for one year.
What do I think about the stability of the solution?
I rate Wazuh seven and a half out of ten for stability.
What do I think about the scalability of the solution?
Around 10 users are using the solution in our organization.
How was the initial setup?
For a technical and experienced person, the solution's initial setup is easy. The setup would be a little hard for a non-technical person with less experience.
What about the implementation team?
The initial implementation and configuration may take a maximum of one week.
What's my experience with pricing, setup cost, and licensing?
Wazuh is not an expensive solution.
What other advice do I have?
If correctly configured, Wazuh can support threat detection and response for SMBs. Wazuh is a good solution if you can implement, integrate, and fine-tune it in the right way.
Overall, I rate Wazuh an eight out of ten.
A product that offers good integration capabilities to its users
What is our primary use case?
My company uses Wazuh in our lab environment, where we have 100 endpoints.
What needs improvement?
The tool does not provide CTI to monitor darknet. In the future, I want the tool to provide CTI to monitor the darknet so that by creating a single query, I can monitor the darknet.
For how long have I used the solution?
I have been using Wazuh for a year. I am an end user of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a five or six out of ten.
My company has a problem with the stability of the product because we don't have a high-availability architecture. The fact that my company does not have a high availability architecture might be our company's problem.
What do I think about the scalability of the solution?
Around three security operators in my company use the product.
Though I want the use of the product to be increased in the company, the decision to do so lies in the hands of the management.
How are customer service and support?
I have not contacted the tool's support team. If my company contacts the product's support team, it would be easier for our company to deal with the product's areas like deployment and usage. In the upcoming year, I would like to use the commercial tech support offered by the product.
Which solution did I use previously and why did I switch?
Previously, I have used IBM QRadar, SentinelOne, and Splunk, which were all very expensive products.
My company started to use Wazuh considering its low prices compared to other solutions.
How was the initial setup?
I rate the product's initial setup phase an eight or nine on a scale of one to ten, where one is difficult, and ten is easy. Wazuh is a very simple tool.
The solution is deployed on a private cloud.
It is difficult to comment on how much time is required to deploy the product since there is always a need to add new log sources and integration. The solution can be deployed in a few days so that the testing phase can be carried out.
What's my experience with pricing, setup cost, and licensing?
Wazuh is a cheaply priced product.
What other advice do I have?
The product has been implemented in my company's environment for threat detection straight out of the box through a simple implementation process.
My company uses the product for threat detection and to create and tune playbooks with roles. My company uses the product in our lab environment, so it's not used for production, which makes it easier for us to deal with the tuning part of the product.
The product helps our company's ability to comply with industry standards since we use the CIS benchmark for hardening GDPR compliance.
My company uses the product for event analysis. My company uses Wazuh as a SIEM solution.
My company uses the product for many of our use cases, and we also deal with the configuration part of the tool. My company is trying to tune the product, and it is possible to use it for event analysis with Wazuh. The product is effective in terms of event analysis.
The integration capabilities of the product with other tools, like FortiGate and NetFlow, are good.
More time is required for me to be able to see how the product's scalability can impact our company's environment.
The product is easy to customize. The product provides good setup documentation regarding the language to be used to use the product's customization abilities. The product offers a good level of documentation along with a good online community. On the internet, it is easier to get information about any problem or issue users face with the tool.
I recommend the product be used in a team with fewer members for security operations. The tool can be used if you work in areas like security and administration, where it can be easily used and implemented.
I rate the tool an eight out of ten.
An open-source platform to integrate various products
What is our primary use case?
We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIEM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.
What is most valuable?
Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. Its open-source nature allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.
What needs improvement?
I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.
For how long have I used the solution?
I have been using Wazuh as an end user since 2023.
What do I think about the stability of the solution?
The product is stable.
What do I think about the scalability of the solution?
The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.
Which solution did I use previously and why did I switch?
I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.
How was the initial setup?
The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.
What's my experience with pricing, setup cost, and licensing?
The product is an open-source platform.
What other advice do I have?
Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.
The solution’s maintenance is easy.
Overall, I rate the solution an eight out of ten.
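The automatic blocking after repeated wrong passwords, and the duplicate-alert problem, from the review above, worked through as an added example. This is not Wazuh's code and not the reviewer's. It imitates the frequency / timeframe / ignore attributes of a Wazuh rule in plain Python over constructed sshd log lines and names the block action after Wazuh's firewall-drop active response; the threshold values, the year assumed for syslog timestamps and the sample lines are all assumptions:

```python
"""Brute-force detection with a sliding window, in the style of Wazuh's
frequency / timeframe rule attributes, plus an "ignore" window that stops
the same source from re-triggering the alert every few seconds.

Added example, not Wazuh's code. Thresholds and log lines are constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

FREQUENCY = 5    # failures that trigger the alert (like a rule's frequency; value assumed)
TIMEFRAME = 120  # seconds the failures must fall within (like timeframe; value assumed)
IGNORE = 300     # seconds to suppress a repeat alert for the same source (like ignore; value assumed)
YEAR = 2024      # syslog timestamps carry no year; assumed for parsing

# Constructed sshd lines, as a Linux agent would forward them from /var/log/auth.log.
SAMPLE_LOG = """\
Mar  4 10:00:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
Mar  4 10:00:05 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  4 10:00:09 web1 sshd[2205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  4 10:00:14 web1 sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51006 ssh2
Mar  4 10:00:20 web1 sshd[2209]: Failed password for root from 203.0.113.7 port 51008 ssh2
Mar  4 10:00:25 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51010 ssh2
Mar  4 10:02:00 web1 sshd[2230]: Failed password for alice from 198.51.100.9 port 52000 ssh2
Mar  4 10:07:00 web1 sshd[2240]: Failed password for alice from 198.51.100.9 port 52002 ssh2
Mar  4 10:12:00 web1 sshd[2250]: Failed password for alice from 198.51.100.9 port 52004 ssh2
Mar  4 10:15:00 web1 sshd[2260]: Accepted publickey for deploy from 198.51.100.9 port 52006 ssh2
Mar  4 10:31:00 web1 sshd[2301]: Failed password for root from 203.0.113.7 port 53000 ssh2
Mar  4 10:31:02 web1 sshd[2303]: Failed password for root from 203.0.113.7 port 53002 ssh2
Mar  4 10:31:04 web1 sshd[2305]: Failed password for root from 203.0.113.7 port 53004 ssh2
Mar  4 10:31:06 web1 sshd[2307]: Failed password for root from 203.0.113.7 port 53006 ssh2
Mar  4 10:31:08 web1 sshd[2309]: Failed password for root from 203.0.113.7 port 53008 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def parse_failed_login(line):
    """Return (timestamp, source_ip) for an sshd failed-password line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    stamp = re.sub(r"\s+", " ", m["ts"])          # "Mar  4" -> "Mar 4"
    ts = datetime.strptime(f"{YEAR} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["ip"]


def detect(lines, frequency=FREQUENCY, timeframe=TIMEFRAME, ignore=IGNORE):
    """Emit one alert per source once it reaches `frequency` failures inside `timeframe`
    seconds, and not again for that source until `ignore` seconds have passed."""
    recent = defaultdict(deque)   # source ip -> timestamps of failures still inside the window
    last_alert = {}               # source ip -> time of the last alert raised for it
    alerts = []
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is None:
            continue
        ts, ip = parsed
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > timeframe:   # drop failures older than the window
            window.popleft()
        if len(window) < frequency:
            continue
        last = last_alert.get(ip)
        if last is not None and (ts - last).total_seconds() < ignore:
            continue   # same source, same condition: the ignore window suppresses the duplicate
        last_alert[ip] = ts
        alerts.append({"srcip": ip, "timestamp": ts, "failures": len(window),
                       "action": "firewall-drop"})   # Wazuh's stock active response for this case
    return alerts


def blocked_sources(alerts):
    """Distinct sources the alerts would hand to the active response for blocking."""
    return sorted({a["srcip"] for a in alerts})


if __name__ == "__main__":
    found = detect(SAMPLE_LOG.splitlines())
    for alert in found:
        print(alert["timestamp"].time(), alert["srcip"], alert["failures"], alert["action"])
    print("blocked:", blocked_sources(found))
```

Two things the sample shows: the three failures from 198.51.100.9 spread over ten minutes never reach the threshold because the window prunes them, and 203.0.113.7 produces exactly one alert per burst rather than one for every failure past the fifth. Without the ignore window the sixth failure would raise a second, near-identical alert, which is the duplication the review complains about. In Wazuh itself the block is wired up with a rule carrying frequency and timeframe plus an active-response entry for firewall-drop in ossec.conf; that configuration is not reproduced here.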
Easy to deploy in many environments, but it needs to strengthen key features like threat intelligence
What is our primary use case?
Wazuh is very good. It offers the ability to measure and benchmark your environment to one of the standards. We installed it on the customer's premises and benchmarked it against CIS controls. We are not in a big environment, and we haven't tested Wazuh for long.
What is most valuable?
The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.
What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.
What needs improvement?
I have yet to find the same capability in Wazuh to get logs from different sources into the system. I haven't been able to explore that.
There are many functions I want to add. For example, I want to get feeds from different places through threat intelligence. If the feature is there, it needs to be matured. Threat intelligence is key to the use case I've deployed the solution for. It would be good if Wazuh correlated it with the internal and external feeds. Integrating Wazuh with other platforms is a key aspect.
For how long have I used the solution?
I recently started using Wazuh. It's been about two months.
What do I think about the stability of the solution?
I rate Wazuh's stability a seven out of ten. It's stable. It's been working so far, and I have no reason to complain.
What do I think about the scalability of the solution?
We have 20 endpoints on Wazuh and two or three administrators for now managing the solution.
Which solution did I use previously and why did I switch?
I used an old SIEM before Wazuh. Wazuh is more stable. I preferred Wazuh because it's open source. The old SIEM is closing in on the product, though.
How was the initial setup?
The initial setup is really simple. It took three hours to deploy Wazuh.
What about the implementation team?
I implemented Wazuh myself since I'm an experienced administrator.
What's my experience with pricing, setup cost, and licensing?
We use the free version of Wazuh. We will eventually move on to the commercial version.
Which other solutions did I evaluate?
I did some research, but I didn't test. The research was based on user opinions. I saw that most people have tested Wazuh. You can easily get resources online to help you to use the product. Wazuh is getting more popular. If you have a problem, you are not on your own.
Another solution we evaluated was Security Onion, but it was based on a platform that may be at the end of its life, which is Linux Red Hat. Linux Red Hat seems to be on shaky ground, and we don't know where it's headed. We wanted something that provides a roadmap that is not ending soon.
What other advice do I have?
We're still in a test phase with Wazuh. I'm testing integration with the other tools that we are using in a clustered environment. We can adapt the solution on the way forward.
I rate Wazuh a seven out of ten.
Cost-effective solution with robust stability for threat detection and compliance
What is our primary use case?
We use it as a cost-effective solution for our customers who are in the initial stages of adopting security measures. Many of these customers are new to security practices and are primarily seeking compliance with regulations.
What is most valuable?
Its cost-effectiveness is the most valuable aspect.
What needs improvement?
There is room for improvement in terms of simplifying the deployment process. In addition, it would be beneficial if Wazuh focused on expanding its offensive modules as the primary enhancement. Another valuable development would be the introduction of a Security Orchestration, Automation, and Response capability. It could work on further developing its threat intelligence offerings as the third priority.
For how long have I used the solution?
I have been using it for two years.
What do I think about the stability of the solution?
We haven't faced any issues or challenges regarding its stability.
How are customer service and support?
One of the challenges we face in Indonesia is the time zone difference when seeking support. The support team could be more responsive and provide quicker replies during our working hours in Indonesia, which would be a significant improvement.
How would you rate customer service and support?
Negative
Which solution did I use previously and why did I switch?
I have experience with IBM QRadar. The key distinction between them and Wazuh is the presence of additional modules in IBM QRadar that are not found in Wazuh. IBM QRadar provides Security Orchestration Automation and Response capabilities, while Wazuh does not offer this feature.
How was the initial setup?
The initial setup is relatively smooth and typically takes approximately one week to complete.
What about the implementation team?
For the deployment process, I usually allocate one or two individuals. The first person is an infrastructure engineer, and the second is a Wazuh administrator. The deployment process involves several phases. The initial step is the assessment phase, where we evaluate the customer's assets, such as the number and types of assets and the specific logs they want to send. The second step involves implementing the assessment data and configuring it in the Wazuh engine. After completing the implementation, we move to the third phase, which focuses on operational tasks. In cases where a customer has new assets and there are no existing templates for parsing the data, our team needs to manually create these parsing templates. I would rate it six out of ten.
What's my experience with pricing, setup cost, and licensing?
It is a cost-effective solution.
What other advice do I have?
When customers prioritize enhanced security and rapid cyberattack detection, and they have a more substantial budget to work with, I typically recommend IBM QRadar. For customers who are still in the early stages of security adoption, Wazuh is my preferred suggestion. It is a suitable choice for smaller companies, as larger organizations, particularly those in the financial industry, tend to have more experienced and knowledgeable security teams. Overall, I would rate it eight out of ten.
The solution did a good job at ensuring PCA nodes were PCI compliant
What is our primary use case?
We use Wazuh for PCI compliance monitoring. It can detect whether a server or PCA node is PCI compliant.
What is most valuable?
Wazuh is simple to use for PCI compliance.
What needs improvement?
Some features, like alerting, are complex with Wazuh. Setting up alerts and triggers can be difficult, and the interface could be better. Compared to other platforms, such as New Relic, Wazuh's UI could be improved. New Relic has a similar interface, but the UI updates have made it a better product.
We have certain requirements regarding monitoring and whether Wazuh is completely compliant with them. It would be helpful to know if Wazuh is a complete solution for log monitoring, including the requirements of PCA and other security aspects.
For how long have I used the solution?
I have been using Wazuh for a couple of months. We are using the latest version of the solution.
What do I think about the stability of the solution?
While installing some agents, our team faced some issues. However, the stability is otherwise good. I rate the solution's stability a seven out of ten.
What do I think about the scalability of the solution?
The solution is scalable. We have three to five users using this solution. I rate the solution's scalability a seven or eight out of ten.
How are customer service and support?
Wazuh provided good support for whatever usage or issues we were facing. They were ready to support us at any point.
Which solution did I use previously and why did I switch?
We have used ELK before, but it was not a complete solution for our needs. We needed to integrate it with other solutions. Wazuh seemed a more comprehensive solution, especially compared to other providers. We also tried products from a local company, but their service was not as good as Wazuh. It is also an established company. We decided to use Wazuh.
How was the initial setup?
The initial setup of Wazuh is simple. The internal person sets up the application and installs the agents. They were able to do it in a day. Both setup and configuration are straightforward.
What's my experience with pricing, setup cost, and licensing?
The solution's pricing is very competitive. I rate the solution's pricing a nine out of ten, where one is expensive and ten is cheap.
What other advice do I have?
Overall, I rate the solution an eight out of ten.