My company specializes in providing SIEM as a service. We leverage Wazoo for that. Since Wazoo is open-source, I hosted it on Azure.

We provide Wazuh as a service to our customers. Currently, we have three clients whose environments are integrated with our Wazuh server on our CRM system. We handle the typical CRM use cases, including security alerts and advisories, and monitor their environments through our Wazuh server.

It allows you to aggregate all your logs in one place and provides a unified view to monitor your security environment. Unlike other solutions, Wazuh is open-source, so you don't need to invest in significant capital expenses. You can easily set up a server on Azure or your infrastructure. While you will need specialized personnel to operate it, this is true for any SIEM solution.

One of Wazuh's most significant advantages, aside from being open source, is its flexible dashboards. Integrated with Elasticsearch, Wazuh allows you to create customized dashboards if you have an in-house developer. This level of customization isn’t available with Fortinet, which offers only pre-made dashboards. Wazuh lets you design any dashboard you need.

Wazuh doesn't have native support for some enterprise solutions. It requires an agent installed on the server, whether Windows Server or Linux, to collect logs. While you can gather information via SNMP or Splunk logs, this isn't natively supported. Some decoders are available, but they are community-built rather than officially supported. It relies on its community to create these decoders as an open-source platform, so they may not be fully integrated.

It's pretty stable. If it's not properly implemented, you don't have stability problems if you follow the documentation and do it as detailed documentation.

Wazuh is highly scalable. You can install it on-premises, in Azure, or using Docker. The architecture allows you to separate the dashboard, index, and node servers.

Wazuh offers technical support, but you need to pay for it. If you are using the open-source solution, you'll need to rely on the extensive documentation and the community itself.

The initial setup is complicated. You need a specialist in the technology to make good use of it. You can do it on-premises. You can do it on Azure. You can do it on the hybrid cloud as a docker. So it's very flexible.

We use Azure, which we currently use as a single server. We will migrate it to our partner using Azure.

It takes two months to deploy completely.

You save on licensing, and you need to invest in people.

When Wazuh is properly implemented, it runs smoothly without causing many problems. However, if it's not set up correctly, you might encounter issues that require weekly maintenance. These can include database and disk issues because, as a VM solution, Wazuh collects a large amount of logging data. Proper implementation prevents these problems, but they can arise if you're unsure how to do it.

Overall, I rate the solution an eight out of ten.

I use the solution in my company for XDR and SIEM.

The solution's most valuable feature is that its XDR part provides a very good experience compared to other open-source software. Wazuh is also better than the existing XDR apps.

Wazuh needs improvement in terms of AI. All the tools, whether SIEM or other tools, are focused on AI-based areas. Wazuh should plan to integrate with the AI part.

The product's configuration part and lack of AI capabilities are some of the major concerns associated with Wazuh.

Considering the current technology, the entire infra will be changed for quantum computing and security. We need AI, which is drastically evolving. We needed some alignment with the AI-based Wazuh, and I believe it would be a very promising development since it would not be stable otherwise. Splunk has started working on AI-related stuff. Wazuh's XDR is very good.

I have been using Wazuh for three years. My company has a partnership with Wazuh.

The tool is very powerful, without a doubt. It is a stable tool. Wazuh is better than Splunk, and I say so since it is very suitable for small and mid-level businesses with lower data volume. Splunk is the best if we need to deal with a higher volume. I can go ahead with Splunk if it is a higher volume. When it comes to small and middle-level businesses, our organization, Wazuh, which has the lowest data volumes, is the best and most stable tool.

When it comes to scalability, there are two things to consider while scaling up Wazuh's deployment. One is that our server and infra facilities should be aligned properly. Wazuh is a scalable tool. I can say the only drawback is that one requires technical knowledge to set up and configure the tool.

The solution's technical support quality is mid-range. I rate the technical support a seven out of ten.

It is easy to install and deploy the tool, but only an experienced person can handle such areas. It means the subject matter expert can handle the tool. It cannot be given to someone randomly as the person needs to have some expertise.

The solution is easy to maintain.

Three people can deploy the solution.

Wazuh has given some timelines for the average deployment, but I must ask my team about it.

The product price is neither too high nor too low. A lot of small players can easily adapt to Wazuh. Many are interested in adopting Wazuh in their own infrastructure.

I would say that Wazuh's threat detection capabilities are effective at around 80 percent.

Regarding compliance and integrity monitoring, I would say that the problem stems from the fact that someone who doesn't know or has any background associated with Wazuh or someone junior in the profession cannot configure the product. An experienced person should configure Wazuh, and then only we can get the settings right because it is mostly a configuration-based tool. There are a lot of things in the configuration-based part. The product offers seamless integration capabilities.

I will have to ask my team members about details related to the operational cost and security incident response time associated with the solution.

My final bottom line recommendation to others is that they should consider whether they are using small volumes, and if so, it means their organization is small or mid-sized and is using very few data volumes for which Wazuh is the best choice instead of Graylog, Splunk or some other tool. We need the expertise to set up and configure the tool properly. Expertise and knowledge should be the key thing if anybody needs to adopt the tool. Others need to consider the tool's readiness for the AI revolution.

I rate the tool an eight out of ten.

I use the solution in my company as an open-source tool and in our organization as an SIEM and XDR. We mainly use it as a SIEM tool. Moreover, we can use it with Palo Alto Networks XDR for vulnerability scanning because it provides us with vulnerability detection modules. We also use SDS and IDS frameworks as my company is a fintech. We use PCI DSS and NIST 800-53 framework, which is provided by Wazuh.

The solution's most valuable features are the SIEM modules, vulnerability detection modules, NIST 800-53, and the MITRE framework. I think these four are the most valuable core things provided by Wazuh as an open-source tool.

Wazuh currently fails to provide its users with AI and ML. From an improvement perspective, Wazuh needs to offer AI and ML to its customers. I want Wazuh to integrate with AI capabilities since it can help users do proactive monitoring.

I think scalability can be improved by using better indexer indices in Wazuh and by improving dashboarding. We can enhance Wazuh manager and Wazuh indexer.

I have been using Wazuh for more than a year. I use Wazuh version 4.7.2.

It is a stable solution. Stability-wise, I rate the solution a seven out of ten.

When it comes to stability, we have faced difficulty getting a lot of data or selecting the data from before 60 days sixteen years. Wazuh's access parts also stop responding to other users.

Scalability-wise, I rate the solution a six out of ten.

More than 100 people in my company use Wazuh.

I think Wazuh is used daily to check alerts, dashboards, and other related stuff.

I will use it in the future as a SIEM tool.

I have not received technical support for the solution. I got help from the Wazuh and Slack communities.

If one is difficult and ten means an easy setup phase, I rate the product's initial setup phase a seven out of ten. The product's initial setup phase was easy.

I have not faced any challenges during the product's installation phase. I was unable to change the admin password. The default admin password for admins couldn't be changed, and I am still unable to change my password because it does not allow me to change its admin password.

I was involved directly in the deployment process.

The solution is deployed on an on-premises model.

The solution can be deployed in a single day.

I single-handedly deployed the product.

Wazuh is an open-source tool.

After evaluations, my company has figured out that Wazuh is very expensive for our infrastructure and for the log ingestion process.

The vulnerability detection module and the MITRE framework are helpful because we are using the tool in our own data centers. The vulnerability detection module prevents us from being exploited by different vulnerabilities and different packages existing in our environment.

Wazuh's compliance management feature supports your regulatory requirements since it provides PCI DSS and NIST 800-53 framework. In general, the tool provides us with the baseline that is required.

I need two people to maintain it constantly and to monitor Wazuh so that we can resolve different types of space alerts and manage different file systems attached to it.

The tool is good, but you should be prepared to put in some manual effort to use it and also have some good technical support to perform the manual functions and operations you need in Wazuh.

I rate the tool an eight out of ten.

We recommend and assist our clients using Wazuh for semi-custom solutions for critical sectors like telecommunication, healthcare, government, or military. Wazuh helps them solve critical in a limited time. Their operations are already digital, but I haven't worked with highly critical customers.

My customers mainly use Wazuh for threat detection in industries with mostly Windows servers. We monitor server changes like password changes and account privilege changes. Wazuh makes it easy to track these changes without needing to check the domain controller. We open the Wazuh interface to see all the details. That's why I love Wazuh, though I get nervous too.

Regarding Wazuh, I find the SCA (Security Configuration Assessment) features most valuable. It's crucial for asset management and inventory, allowing us to monitorendpoints and servers' changes easily. This is particularly important for my customers, who aren't heavily focused on incident response but rely on asset management and inventories.

Wazuh's compliance management features are very supportive, especially in regions like the Americas and Europe. However, it's less effective in the ANZ (Australia and New Zealand) region since Wazuh doesn't cater to the specific compliance standards there, such as those required in Australia. I appreciate that Wazuh fully complies with PCI DSS and GDPR standards, allowing us to generate necessary reports.

I want more support for regional compliance standards to serve my ANZ region customers better.

I have been using Wazuh for the past three years.

Regarding stability, I would rate it a seven out of ten. It needs improvements, especially compared to products like IBM QRadar and other cloud-based solutions.

I rate the scalability of Wazuh as a four out of ten. While my customers are generally satisfied and do not have highly critical requirements, I see areas for improvement as a technical person.

The technical support for Wazuh's licensed products is decent. Sometimes, there are delayed response and resolution times, which can be frustrating.

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

The initial setup was somewhat challenging for us, especially when we tried to do it independently. We faced some implementation issues but found solutions indicating ongoing product improvements. Sometimes, we face compatibility issues with certain industry products, requiring custom solutions, which can be a bit of a headache. However, we've managed to address these challenges over time. I would rate the setup process a five out of ten.

Wazuh is deployed on the cloud and on-premises in our customers' organisations. Deploying Wazuh depends on the customer's requirements; smaller customers take less time, but complex needs can extend the process. Typically, deployment is completed within a month.

Overall, I would rate Wazuh as seven out of ten.

We use Wazuh to deliver security features in a venture capital company project focused on building a mobile application.

They could include flexibility and customization capabilities by modifying for customers based on partner agreements. They could enhance governance-related tools for audit reports.

We conducted a cost-benefit evaluation and compared Wazuh with Sentinel and FortiCM. The decision to choose Wazuh was influenced by its compatibility with other systems and the strong open-source community.

In comparison, Microsoft has a huge community, but it needs to be easy to use. Additionally, FortiCM needs better community support.

We are the latest version of Wazuh.

We have not encountered any performance issues for the application up until now. I rate the stability an eight out of ten.

The product is easily scalable. We have around 20 executives using it daily. Our work on the use cases is still in progress.

We contact a third-party supplier for technical support. They provide seamless services and resolve issues by the next day most of the time.

I was a part of a service team using Splunk. I have experience working with Symantec Endpoint.

I rate the initial setup process a seven out of ten.

The implementation of Wazuh is done through a local third-party supplier, but the management and overall engagement with the company are handled in-house. The third-party supplier provides hardware provision, field engineers, and devices, with the day-to-day management and operations handled remotely.

There were some slight problems related to the images being used. However, these issues were attributed to infrastructure considerations rather than specific to Wazuh. Once the correct image was selected, the installation process for the first server during the proof of concept, which involved comparing Sentinel and other solutions, was completed relatively quickly—approximately one day.

It might require a team for regular patch management and vulnerability scanning. We have yet to start with the maintenance.

For both personal and service use, the perceived cost is relatively low. They have a good pricing strategy for market expansion.

I rate the product's pricing a three out of ten.

We evaluated Sentinel.

We are currently running a proof of concept and simulating usage with a select group of users as required by local bank licensing. It is utilized for vulnerability management. Up to this point, there have been minor incidents with no risks higher than moderate. Despite not needing immediate reaction, we have automation in place within your SOC and development team to respond in case of any recognized incidents.

One of the most beneficial features of Wazuh, particularly in the context of security needs, is the machine learning data handling capability. Although it has yet to be fully implemented into production and is currently in a test environment, the decision to choose Wazuh was influenced significantly by this feature. It helps us streamline and automate the assessment of security incidents. We can organize response plans proactively, even before certain incidents occur. It is the most critical aspect for us.

There were initial challenges with the real-time alerting team due to the many systems-generated alerts. It took about three months to fine-tune the system configuration, focusing on capturing only the alarms relevant from a security perspective. Despite the initial difficulties, Wazuh worked seamlessly, and there were no notable issues with configurations, handling, or investigations. The challenges primarily occurred from system-related aspects rather than issues with Wazuh.

I do not have direct experience with scalability requirements, but the implementation has been seamless. No challenges are scaling up, especially regarding adding more machines to handle the same load. The challenge is delivering logs so that Wazuh can collect, read, and analyze them effectively. We were able to overcome major issues without the need for extensive support.

Wazuh has been integrated with an intrusion prevention system (IPS) solution, Suricata, also an open-source tool. This integration adds a layer for security monitoring. The integration process is quite straightforward, especially due to the community's availability of shared use cases.

I rate the product a seven out of ten.

We use Wazuh for internal testing, instant response, security operations, and compliance.

Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation.

At the moment, we haven't tried the cloud version yet. My customers are mostly into the cloud. Wazuh should come up with more in-built rules and integrations for the cloud.

I have been using Wazuh for one year.

I rate Wazuh seven and a half out of ten for stability.

Around 10 users are using the solution in our organization.

For a technical and experienced person, the solution's initial setup is easy. The setup would be a little hard for a non-technical person with less experience.

The initial implementation and configuration may take a maximum of one week.

Wazuh is not an expensive solution.

If correctly configured, Wazuh can support threat detection and response for SMBs. Wazuh is a good solution if you can implement, integrate, and fine-tune it in the right way.

Overall, I rate Wazuh an eight out of ten.

My company uses Wazuh in our lab environment, where we have 100 endpoints.

The tool does not provide CTI to monitor darknet. In the future, I want the tool to provide CTI to monitor the darknet so that by creating a single query, I can monitor the darknet.

I have been using Wazuh for a year. I am an end user of the solution.

Stability-wise, I rate the solution a five or six out of ten.

My company has a problem with the stability of the product because we don't have a high-availability architecture. The fact that my company does not have a high availability architecture might be our company's problem.

Around three security operators in my company use the product.

Though I want the use of the product to be increased in the company, the decision to do so lies in the hands of the management.

I have not contacted the tool's support team. If my company contacts the product's support team, it would be easier for our company to deal with the product's areas like deployment and usage. In the upcoming year, I would like to use the commercial tech support offered by the product.

Previously, I have used IBM QRadar, SentinelOne, and Splunk, which were all very expensive products.

My company started to use Wazuh considering its low prices compared to other solutions.

I rate the product's initial setup phase an eight or nine on a scale of one to ten, where one is difficult, and ten is easy. Wazuh is a very simple tool.

The solution is deployed on a private cloud.

It is difficult to comment on how much time is required to deploy the product since there is always a need to add new log sources and integration. The solution can be deployed in a few days so that the testing phase can be carried out.

Wazuh is a cheaply priced product.

The product has been implemented in my company's environment for threat direction straight out of the box through a simple implementation process.

My company uses the product for threat detection and to create and tune playbooks with roles. My company uses the product in our lab environment, so it's not used for production, which makes it easier for us to deal with the tuning part of the product.

The product helps our company's ability to comply with industry standards since we use the CIS benchmark for hardening GDPR compliance.

My company uses the product for event analysis. My company uses Wazuh as a SIEM solution.

My company uses the product for many of our use cases, and we also deal with the configuration part of the tool. My company is trying to tune the product, and it is possible to use it for event analysis with Wazuh. The product is effective in terms of event analysis.

The integration capabilities of the product with other tools, like FortiGate and NetFlow, are good.

More time is required for me to be able to see how the product's scalability can impact our company's environment.

The product is easy to customize. The product provides good setup documentation regarding the language to be used to use the product's customization abilities. The product offers a good level of documentation along with a good online community. On the internet, it is easier to get information about any problem or issue users face with the tool.

I recommend the product be used in a team with fewer members for security operations. The tool can be used if you work in areas like security and administration, where it can be easily used and implemented.

I rate the tool an eight out of ten.

We use Wazuh for the onboarding of both Windows and Linux machines, as well as for firewall and SIM configuration. The IP address is automatically blocked if a server has multiple wrong passwords.

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. It is open-source nature, which allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

I have built some rules that produce duplicate alerts two or three times. Therefore, these rules should be consolidated. Alerts should be specific rather than repeatedly triggered by integrating multiple factors. This issue needs improvement to create a more efficient alert system.

I have been using Wazuh as an end user since 2023.

The product is stable.

The solution is scalable. In the Bangladesh market, several banks are now actively considering Wazuh. They become fully compliant with compliance issues. Earlier, they were struggling to obtain approval and maintain compliance standards.

I have used Elastic Security. There are some customization needs in Wazuh. We cannot customize it.

The initial setup is easy. Log management plays a crucial role in using Wazuh to its full potential. Assessing the volume and nature of the data is essential to determine EPS. This calculation is pivotal, as it dictates resource allocation, such as access, RAM, and storage specifications.

The product is an open-source platform.

Wazuh can onboard multiple customers onto a single deployment through its multi-tenancy feature. Each customer can have their own interface with the same deployment location.

The solution’s maintenance is easy.

Overall, I rate the solution an eight out of ten.

Wazuh is very good. It offers the ability to measure and benchmark your environment to one of the standards. We installed it on the customer's premises and benchmarked it against CIS controls. We are not in a big environment, and we haven't tested Wazuh for long.

The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.

What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.

I have yet to find the same capability in Wazuh to get logs from different sources into the system. I haven't been able to explore that.

There are many functions I want to add. For example, I want to get feeds from different places through threat intelligence. If the feature is there, it needs to be matured. Threat intelligence is key to the use case I've deployed the solution for. It would be good if Wazuh correlated it with the internal and external feeds. Integrating Wazuh with other platforms is a key aspect.

I recently started using Wazuh. It's been about two months.

I rate Wazuh's stability a seven out of ten. It's stable. It's been working so far, and I have no reason to complain.

We have 20 endpoints on Wazuh and two or three administrators for now managing the solution.

I used an old SIEM before Wazuh. Wazuh is more stable. I preferred Wazuh because it's open source. The old SIEM is closing in on the product, though.

The initial setup is really simple. It took three hours to deploy Wazuh.

I implemented Wazuh myself since I'm an experienced administrator.

We use the free version of Wazuh. We will eventually move on to the commercial version.

I did some research, but I didn't test. The research was based on user opinions. I saw that most people have tested Wazuh. You can easily get resources online to help you to use the product. Wazuh is getting more popular. If you have a problem, you are not on your own.

Another solution we evaluated was Security Onion, but it was based on a platform that may be at the end of its life, which is Linux Red Hat. Linux Red Hat seems to be on shaky ground, and we don't know where it's headed. We wanted something that provides a roadmap that is not ending soon.

We're still in a test phase with Wazuh. I'm testing integration with the tools that other tools that we are using in a clustered environment. We can adapt the solution on the way forward.

I rate Wazuh a seven out of ten.