    Wazuh All-In-One Deployment

    Deployed on AWS
    Wazuh All-In-One. Includes Wazuh server, Filebeat, Wazuh dashboard and Wazuh Indexer

    Overview

    Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response, and regulatory compliance.

    The solution includes the Wazuh server, which is in charge of analyzing the data received from the agents, processing events through decoders and rules, and using threat intelligence to look for well-known IOCs (Indicators Of Compromise). A single Wazuh server can analyze data from hundreds or thousands of agents. Alerts generated by Wazuh are sent to Wazuh indexer, where they are indexed and stored. The unique integration between Wazuh and Wazuh dashboard provides a powerful user interface for data visualization and analysis. The server is also used to manage the agents, configuring and upgrading them remotely when necessary. Additionally, the server is capable of sending orders to the agents, for example, to trigger a response when a threat is detected.

    Wazuh provides a security solution capable of monitoring your infrastructure, detecting threats, intrusion attempts, system anomalies, poorly configured applications, and unauthorized user actions. It also provides a framework for incident response and compliance, all in one platform.

    Highlights

    • Open Source Security Platform
    • Host Based Intrusion Detection Solution
    • Endpoint Detection and Response

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Amazon Linux 2023

    Pricing

    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Usage costs (239)

    Dimension                   Cost/hour
    c5a.xlarge (Recommended)    $0.00
    m3.xlarge                   $0.00
    m5dn.2xlarge                $0.00
    hs1.8xlarge                 $0.00
    u-24tb1.metal               $0.00
    c5ad.xlarge                 $0.00
    cc2.8xlarge                 $0.00
    t2.2xlarge                  $0.00
    i2.xlarge                   $0.00
    m5d.12xlarge                $0.00

    Vendor refund policy

    We do not currently support refunds.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Additional details

    Usage instructions

    See the instructions below

    Hardware requirements: https://documentation.wazuh.com/current/quickstart.html#hardware 

    The instance needs to have the following protocols and ports configured for its correct operation. These requirements are provided in a default Security Group: https://documentation.wazuh.com/current/getting-started/architecture.html#required-ports 

    To access the instance over SSH, log in as the user wazuh-user.

    When the instance is launched, the user passwords are automatically changed to the instance ID with the first letter capitalized. For example: I-07f25f6afe4789342. This ensures that only the creator has access to the interface. This process can take an average of five minutes, depending on the type of instance. During this time, both SSH access and access to the Wazuh dashboard are disabled.

    It is highly recommended to change the default passwords of Wazuh indexer users. To perform this action, see our Password management section: https://documentation.wazuh.com/current/user-manual/user-administration/password-management.html#changing-the-passwords-for-all-users 

    To access the Wazuh dashboard UI, navigate to the address https://<instance_ip> and log in with:

    • Username: admin
    • Password: <your_instance_id>

    The password is the instance ID with the first letter capitalized. For example: I-07f25f6afe4789342

    Resources

    Vendor resources

    Support

    Vendor support

    Wazuh has one of the largest open source security communities in the world. You can become part of it to learn from other users, participate in discussions, talk to our development team, and contribute to the project.

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    3
    3 ratings
    5 star: 33%
    4 star: 0%
    3 star: 33%
    2 star: 0%
    1 star: 33%
    3 AWS reviews | 28 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.

    Rajin Sandira

    Has faced limitations in AI capabilities and pricing flexibility

    Reviewed on Sep 15, 2025
    Review provided by PeerSpot

    What is our primary use case?

    At the moment, I'm working in software integration, so we are working with FortiGate. To research and get an idea, I did some investigation into Wazuh.

    They have already used Fortinet products.

    They use pretty much almost all Fortinet products including FortiGate, FortiSIEM, FortiXDR.

    At the moment, they only use FortiGate and FortiSIEM.

    I have worked with Wazuh before with limited experience.

    What is most valuable?

    Pricing-wise, Wazuh stands out, along with deployment flexibility and its documentation which is extremely good in comparison to Forti. The community support is also incredible.

    They have helped quite a bit because previously, we had a separate tool and management dashboard to do our compliance. With Wazuh, we receive that information without having to do anything extra. We just set up the SIEM and all of that information was automatically populated.

    The dashboards are very easy to understand and very quick with no lag or delay. I have experienced delays on Forti's dashboards, but not with Wazuh.

    Wazuh is quite good. In comparison to Forti, they are quite similar. They are very good at detection.

    What needs improvement?

    The lack of AI features is an issue at the moment in the industry.

    Forti provides user behavior capabilities, which I would want to see in Wazuh.

    In FortiSIEM, they provide user behavior understanding AI capability. This is not available with Wazuh, so I would want that feature.

    Both solutions have incredible performance and stability. The only issue is Forti's dashboards tend to lag, so that needs improvement.

    Machine learning is needed along with understanding user behavior and behavioral patterns. That capability is something that other vendors provide that I would want to see.

    For how long have I used the solution?

    I started using it less than a year ago.

    What do I think about the stability of the solution?

    Both solutions have incredible performance and are incredibly stable. The only issue is Forti's dashboards tend to lag, so that needs improvement.

    What's my experience with pricing, setup cost, and licensing?

    Apart from pricing, there are no major considerations.

    If you want to consider pricing, there is no reason to switch from Forti to Wazuh.

    Wazuh differs from Forti as Forti comes in bundles that you have to pay for. With Wazuh, there is no starting payment for the SIEM itself, but you have to pay for support.

    I would definitely recommend Wazuh, especially considering Fortinet's licensing model which is confusing and overpriced in my opinion.

    What other advice do I have?

    Right now, we haven't decided. We just want to explore and see what is available.

    I prefer Wazuh a bit more, though both are similar.

    I would rate Wazuh eight to nine out of ten.

    I would rate Forti seven to eight out of ten.

    Wazuh is actually better than Forti.

    I have utilized the solution.

    My overall rating for Wazuh is 9 out of 10.

    reviewer2711757

    Open source flexibility supports cost reduction and efficiency

    Reviewed on Jun 03, 2025
    Review provided by PeerSpot

    What is our primary use case?

    Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I completed one project where I removed malware.

    What is most valuable?

    The valuable features of Wazuh include being open source and having the capacity to be used for anything desired. It allows for creating new automations, whereas other Software as a Service platforms have their own business models. With this open source tool, organizations can establish their own customized setup.

    What needs improvement?

    That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active community and dense documentation. There are many people sharing different projects of similar tasks, which is beneficial.

    In the proof of concept documentation, it's a mixture of Windows, whereas they also catered to Ubuntu. I'm referring to apt and yum languages for downloading the server indexer. I downloaded in apt, but their first proof of concept is in yum, so I must change languages. This is something I do not prefer because I prefer a more uniform language. When running in production, I'm on a time crunch as time is money.

    Wazuh could improve by creating videos on YouTube covering installation, use cases, and integration of third-party APIs for different scenarios that other SaaS services provide. While Wazuh provides these features, one must read their documentation thoroughly to customize it. This is a great feature, but initially, I don't have time to scan multiple items. They could make it more uniform and developer-friendly. As a software engineer, it takes considerable time, but as a businessman, I need to complete tasks quickly and need that flexibility.

    What was my experience with deployment of the solution?

    It is relatively simple to set up Wazuh. I would give it a 7 out of 10. I have set up more complicated systems, so 7 is a good rating.

    What do I think about the stability of the solution?

    Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time.

    How are customer service and support?

    I spoke with Wazuh support today regarding a quote. I would rate Wazuh support an 8 out of 10. They responded quickly, which was crucial as I was on a time constraint.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    It took one day to deploy Wazuh.

    What was our ROI?

    Due to confidentiality, I cannot share specific quantifiable benefits that deploying Wazuh has brought to my company. However, it resulted in cost reduction by avoiding lump sum payments and providing the benefit of having our own system.

    What's my experience with pricing, setup cost, and licensing?

    Wazuh is free to use, but there are licensing fees for third parties. Their consultancy fee and support fees are relatively high. On a scale of 1 to 10, I would rate their consultancy and support fees a 5.

    Which other solutions did I evaluate?

    Wazuh can incorporate third parties and utilizes artificial intelligence for various features. Wazuh integrates effectively, deserving a solid 9 rating. That aspect is straightforward.

    What other advice do I have?

    I would be willing to provide a review for products I have experience with. I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good. I support it completely. Overall, I rate Wazuh 8 out of 10.

    Ebenezer Okoh

    Innovative platform enables proactive threat hunting and endpoint monitoring

    Reviewed on Jun 03, 2025
    Review provided by PeerSpot

    What is our primary use case?

    I use Wazuh for daily security operations mainly on EDR endpoints by installing it on the agents that we are monitoring to collect security data. It helps us monitor endpoints and know what is going on at each endpoint, and we are able to tap the data and use it in other platforms such as SOAR.

    I find the threat hunting features of Wazuh most valuable, as we are more interested in the threat hunting side and want to move ahead into threat hunting before any threat becomes something that cannot be dealt with. Wazuh has a threat hunting functionality that we use extensively.

    The intrusion detection capabilities work effectively in my environment, as we also have firewalls, and we rely more on the firewall side for intrusion detection.

    What is most valuable?

    The threat hunting features of Wazuh are particularly valuable for our operations. We focus heavily on threat hunting capabilities to address potential threats before they become unmanageable.

    The intrusion detection capabilities integrate seamlessly with our existing firewall infrastructure. The system allows us to monitor endpoints effectively and collect security data that can be utilized across other platforms such as SOAR.

    What needs improvement?

    I think Wazuh should improve by introducing AI functionalities, as it would be beneficial to see AI incorporated in the threat hunting and detection functionalities. I hope this will be part of the new versions.

    Regarding challenges with Wazuh, I cannot pinpoint specific difficulties. When I face a challenge, I prefer not to spend too much time on it and may move to another solution that will give us the results. Sometimes what seems a challenge is just an implementation issue, and while the documentation is comprehensive, it can become overwhelming when quick information is needed for implementation.

    For how long have I used the solution?

    I have been using Wazuh for about a year now.

    What was my experience with deployment of the solution?

    Wazuh is easy to set up, as it's clearly defined in their documentation, with various options such as bare metal or Docker implementations. The level of documentation is superior compared to other open source products.

    Sometimes issues arise with some of these tools, but because they are open source, there are limitations to what can be expected.

    What do I think about the stability of the solution?

    I would rate the stability of Wazuh a nine out of ten.

    What do I think about the scalability of the solution?

    Currently, I don't see any limitations in terms of scalability as Wazuh can still connect many endpoints. I haven't encountered issues with the engine struggling, and it's simply a matter of having enough memory to handle open search memory issues. I think they've done exceptionally in terms of scalability.

    I rate the scalability of Wazuh an eight out of ten, as I haven't reached the point of struggling with it.

    How was the initial setup?

    I would rate the setup of Wazuh a nine out of ten.

    What was our ROI?

    I have seen value in security cost savings with Wazuh, as using proprietary EDR versions could save us substantial money, but I haven't made any comparisons since we started using Wazuh immediately.

    What's my experience with pricing, setup cost, and licensing?

    Wazuh is completely free of charge.

    What other advice do I have?

    I have not seen Wazuh moving in the direction of AI-driven threat detection projects myself, but since the market is moving that way, I wouldn't be surprised if they implemented it soon.

    My plans to increase the usage of Wazuh or switch to another tool depend on what my boss decides.

    We don't refer to any community support specifically, as we rely on other platforms such as GitHub or Discord, depending on the application.

    I recommend that as more companies come on board with Wazuh, it will motivate those who contribute to it, but I am also cautious that as it gains attention, a large company might buy it and change its course of business.

    Overall, I rate Wazuh a nine out of ten.

    Which deployment model are you using for this solution?

    On-premises

    Sean-Cox

    Open source customization and CVE reporting enhance threat detection

    Reviewed on Feb 28, 2025
    Review provided by PeerSpot

    What is our primary use case?

    We use Wazuh as a SIEM solution because it is open source, highly customizable, and continually expanding. Our clients can request various solutions for their issues, which Wazuh is able to address.

    What is most valuable?

    One of the most valuable features of Wazuh is its capability as a CVE helper. It assists in pulling reports about active CVEs in the system. Wazuh is a SIEM tool that is highly customizable and versatile. The fact that it is open source means it is always being expanded, which is beneficial for customizing solutions for individual client requests.

    What needs improvement?

    There is room for improvement by integrating more AI into Wazuh. It requires constant nurturing, as I have to provide it with code and specific requirements. This maintenance can be quite labor-intensive and time-consuming.

    For how long have I used the solution?

    I have been using Wazuh for nearly three years.

    What do I think about the stability of the solution?

    The stability of Wazuh is largely dependent on maintenance. If it is well-maintained, it is stable, rating around eight to nine. Without proper maintenance, stability could drop to around five to six.

    What do I think about the scalability of the solution?

    Wazuh is scalable and suitable for small to medium-sized businesses or enterprises. It can accommodate thousands of endpoints on one instance, and multiple instances can run for different clients.

    How are customer service and support?

    There is no dedicated technical support for Wazuh as it is open source. I rely on available documentation and self-support.

    How would you rate customer service and support?

    Positive

    How was the initial setup?

    The initial setup of Wazuh is not more complex than any other SIEM solutions available.

    What other advice do I have?

    I would recommend Wazuh to others. It is a good system that provides a comprehensive view of network activities when correctly set up with syslog and proper log injection. Overall, I would rate Wazuh an eight out of ten.

    Which deployment model are you using for this solution?

    On-premises

    Sandip_Patel

    Evaluating robust file monitoring with insights for community support improvements

    Reviewed on Nov 22, 2024
    Review provided by PeerSpot

    What is our primary use case?

    I am currently evaluating and using Wazuh for file monitoring and compliance reporting. We are in the process of conducting a POC to understand how the rules work. I lead this effort to explore and evaluate Wazuh as part of my learning and work experience.

    What is most valuable?

    Wazuh's most valuable features include file monitoring and compliance reporting, which do not require excessive costs. These aspects are vital as they provide alerts for changes and facilitate the monitoring of compliance. The platform is also relatively easy to set up and operate. Reports are straightforward to extract and prove useful for compliance requirements.

    What needs improvement?

    I am investigating more about the community support for Wazuh. I can't provide a definitive answer yet. An issue I noticed is with tag values in certain rules not functioning properly. It's unclear if this is a design flaw or intentional. These are areas I'm still exploring.

    For how long have I used the solution?

    I have been using Wazuh for about seven months.

    What do I think about the scalability of the solution?

    Wazuh offers scaling options and is scalable from a mid to advanced level. However, I am still evaluating if it meets enterprise-scale requirements.

    How are customer service and support?

    The documentation is good and provides clear instructions, though it's targeted at those with technical backgrounds.

    How would you rate customer service and support?

    Neutral

    Which solution did I use previously and why did I switch?

    Before Wazuh, we used market products for our needs. We are exploring other options due to Wazuh being open source.

    How was the initial setup?

    The initial setup of Wazuh was not complex once the requirements were understood. In a POC environment, setting up took about a day and a half.

    What about the implementation team?

    I am spearheading this POC effort. Once completed, more people will likely be involved.

    What was our ROI?

    There is high potential for ROI, especially for small to medium businesses comparing Wazuh to market solutions. Wazuh offers more cost-effective options without compromising on security.

    What's my experience with pricing, setup cost, and licensing?

    Since Wazuh is open source, the pricing for support could be applicable to medium-sized companies without much issue. However, I haven't fully explored what comes with this pricing.

    Which other solutions did I evaluate?

    We have looked into the Elastic Stack and haven't explored integrating it with Wazuh since Elastic Stack is no longer open source.

    What other advice do I have?

    I would recommend Wazuh. It's a valuable tool for security operations. On a scale of one to ten, I currently rate Wazuh as a six. I may rate it higher after more experience.

    Which deployment model are you using for this solution?

    On-premises