We use the solution for event monitoring.

The tool is stable.

The rules are hard coded. The tool doesn't detect anomalies or new environments. The product lacks AI features. We have to do a lot of manual searching.

I have been using the solution for about eight months.

The tool is scalable for our use cases. Five to ten people use the solution in our organization. We need one administrator to monitor and improve our solution.

We did not contact support. Our company’s security personnel set everything and documented it.

We use Elastic Stack for logs.

The deployment was straightforward. It took two to three months. We needed two people for deployment.

We did the deployment in-house with the help of our security personnel and someone from the DevOps team.

The product is cheaper compared to other tools. Depending on the logs, the product costs $200 to $400. We currently have five servers.

We evaluated Google Cloud.

When Google contacted us, we were looking into an AI solution. Our implementation is rather basic. Overall, I rate the solution an eight out of ten.

We primarily use Wazuh for internal security monitoring to ensure the safety of our organization's internal systems. We have two specific requirements: first, we use it to monitor our internal operations, which is essential for general security purposes. Second, we rely on Wazuh to manage the security of the National Telecom department's specialized software. This second requirement involves using multiple SOC solutions. However, within our organization, Wazuh's main focus is on monitoring our internal software.

Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms. We have encountered limitations with QRadar and Splunk in the past, which we couldn't overcome, but Wazuh has proven effective. We have successfully integrated it with 56 operators within our national telecom department, although the integration process was a bit challenging. Overall, Wazuh offers valuable features, making it a beneficial addition to our security infrastructure.

One area where Wazuh could use some improvement is in its reporting mechanism, especially for high-level management like CSOs and CEOs. Creating executive-level reports can be a bit time-consuming and requires a lot of fine-tuning to meet specific organizational requirements. It would be helpful if Wazuh offered more standardized use cases commonly seen in the industry, reducing the effort needed for customization and fine-tuning. Overall, enhancing reporting features and providing standard use cases would be a valuable improvement for Wazuh.

I have been using Wazuh for almost five years.

I would rate the stability a seven out of ten. We had a few issues with it.

Wazuh is very scalable. I would give it a ten out of ten for scalability. 18 people use the solution at my company.

The initial setup of Wazuh was relatively straightforward, with installation being easy and not time-consuming. Challenges were minimal, thanks to the availability of comprehensive documentation, guides, and forums providing ample information. In summary, the installation process was smooth and well-supported by available resources. Installation took about 30 minutes, but integration took a few months.

I would definitely recommend Wazuh to others. Overall, I would rate it a nine out of ten. 

It is used primarily for event management in our organization, which falls into the category of an edge Intrusion Detection System (IDS) or host Internet protection system. Our company is not very large, with around twenty to thirty servers and approximately one hundred fifty to two hundred endpoints. Wazuh serves as a centralized platform for collecting security events and managing vulnerabilities across your systems. Its main purpose is to analyze and improve the overall security posture of our organization.

Before the deployment of Wazuh, we faced challenges related to vulnerability management and version change history. Vulnerabilities often went unreported, and there was no organized system for managing vulnerabilities. Since we implemented it, there has been a notable improvement. Vulnerabilities have significantly decreased, with nearly fifty percent of servers now reporting zero vulnerabilities. This positive change is attributed to regular reporting, remediation efforts, and frequent system updates.

It offers built-in modules for file integrity and vulnerability management. This provides the convenience of having these features integrated into one platform rather than using separate dedicated tools. Wazuh's comprehensive compliance with various modules aligns well with our organization's needs, making it a highly suitable and efficient solution.

It is an open-source tool with a strong community. We had positive experiences with community support, having received solutions for most of your inquiries in the past. However, it would be beneficial if Wazuh could provide clearer guidance or tutorials on how to add components to the user interface (UI), especially when integrating tools that aren't inherently supported by Wazuh. A more structured approach, perhaps with modular UI components, to facilitate easier integration and navigation within the Wazuh platform for such custom integrations would be beneficial.

I have been working with it for the last three years.

The stability capabilities are almost perfect. I would rate it nine out of ten.

It offers excellent scalability features. I would rate it nine out of ten.

Their customer support services are excellent. I would rate it nine out of ten.

Positive

We use other tools like SpamTitan and Fortis for specific purposes. SpamTitan is employed for email spam filtering and Fortis for client-related tasks. These tools complement our overall cybersecurity and client management efforts.

While generally straightforward, there were some challenges during the initial setup process, particularly when dealing with certificate-related issues. I would rate it seven out of ten.

The deployment took a total of five days, involving three individuals. Once deployed, the solution is efficiently maintained by just one person.

Wazuh is an open-source tool, which means it is freely available for use.

I recommend it for its flexibility and adaptability to specific organizational needs. I would rate it eight out of ten.

The primary use case for Wazuh is the detection of malware.

It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.

Improving the abilities related to security threat mapping, such as threat map landscape visualization, would be a great benefit. Adding the flexibility to integrate various plug-ins or modules into its core system would enhance functionality.

I have been working with it for two years.

I would rate the stability eight out of ten.

I used Azure documentation and report storage, while researching other internet resources to gain a broader perspective on different product capabilities that are available for learning and deployment needs. Wazuh offers excellent features.

When I contacted customer care, they mentioned bundling options, that I found to be overall affordable.

I would recommend this product to other users in the field of cybersecurity. It provides enhanced network security and many useful features. It is easy to use, with a pricing structure that is more affordable compared to other options. I would rate it eight out of ten.

We use Wazuh as a SIEM instead of Logstash, so it's like a managed version of ELK. We customized queries and search detection according to that. The good thing is that it also provides a module called Monitor, and using that, we set up alerts to Slack or email. Then, based on Slack, we implemented an automation to prevent things as per our demands.

I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch. Another good thing about Wazuh is that it's open-source.

A lot of things could be improved with Wazuh. A company I worked with used this product with their customizations since Wazuh is missing many things that a typical SIEM should have. One thing that was missing was log source management. We didn't have any modules for that. Wazuh's parsing is very complex. You must write decoders to make it as easy as in other SIEMs, like in QRadar.

The stability and scalability could be improved.

I've been working on Wazuh for about eight months.

I am 60% confident in Wazuh's stability. I have one client, and I have been facing stability issues. I have to troubleshoot the solution every second or third month.

I am 60% confident in Wazuh's scalability.

The initial setup is very easy. It is exactly like ELK. You deploy Elasticsearch, Wazuh, and Kibana. It took one day to deploy the solution.

For deployment, you need to plan how many resources you need. For example, if it's a Linux machine, you just download the required binaries from their site. After that, unzip the folder downloaded from their site, and then you just want a couple of scripts, and it will install Elasticsearch. You would do the same for Logstash, Wazuh, or Kibana. You must configure the solution a little to ensure that Logstash or Elasticsearch recognizes Kibana, so you have to provide the IPs and all that. Then, the solution is all set up.

My client uses the open-source version of Wazuh.

Wazuh is a cloud-based SIEM solution that can be deployed on-prem. Wazuh has the same capabilities as ELK: Elastic, Logstash, and Kibana. You can integrate devices with Wazuh and deploy use cases according to your demands. For example, in the financial sector, you will have your detections according to finance. In the education sector, you will have different use cases. It all depends on the client.

The solution is open-source, and I can't access technical support. I have been searching for someone to assist me, but my team and I have always been figuring out how to work with the solution.

I rate Wazuh a five-point five out of ten.

I wouldn't tell anyone not to use Wazuh. They can still choose if it fits in their budget, but I would ask them to plan first. And instead of going all in one, I recommend they use separate instances for separate modules to ensure the solution is scalable and stable. They should not use one instance for all of their modules. When their log or your business size grows, they will have more logs and then have to deal with stability issues.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

The implementation is very complex.

We are resellers of the product.

The tool is stable. We had issues later when the storage space was full. We had to change the location of the logs because the customer did not point the logs to the right storage. I rate the tool’s stability an eight out of ten.

The scalability might be a challenge since we use the on-premise version. The system crashed when the disc was full of log data. It was a challenge. In our customer’s organization, 50 people are using the product.

Our customers get technical support from us. They do not receive support from Wazuh.

We need very skilled staff to implement the tool.

The implementation took two to three weeks. Configuring the log collector from the servers was not very simple. Sometimes, we need to write some scripts and find specific assets. It is not a fully integrated solution. We need to set up three different elements. We needed three people to deploy the product. Our customers need only two people to maintain the tool.

It is an open-source product. Apart from the implementation cost, our customers do not have to pay for the license.

I was not directly involved in the implementation process. I was supervising the team. We did not try to integrate the tool with other security products. Our customers wanted to integrate it with Active Directory. They also wanted to collect logs from a feature service. I know that the product has a cloud version. The problems we face with the on-premise version might be solved on the cloud version. People looking to use the product must be ready to learn and study the product. It is not easy to handle. 

Overall, I rate the product an eight out of ten.

We use the solution for vulnerability metrics, auditing, and detecting SQL injection attacks.

The solution's most valuable feature is its SCA capabilities.

There could be a hardware monitoring tool for the solution. It helps reduce the cost of utilizing external resources for the same.

We have been using the solution for five to six months.

I rate the solution's scalability a ten out of ten. We have enterprise business clients.

We are currently evaluating the cost of the solution's support services.

We have multiple teams using the solution in the virtual environment. It was easy to deploy for a few teams while challenging for others.

I rate the solution's pricing a seven out of ten.

I rate the solution a seven out of ten. There needs to be monitoring for the hardware similar to Zabbix and Nagios solutions.

We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company. 

So it can detect more than just games. You can customize it to detect specific software. We have a whitelist of approved software, and Wazuh compares it with the software installed on the device. If there are any mismatches, it reports it to us. So, for instance, we can whitelist Facebook, Blackboard, and YouTube.

Since it's an open-source tool, scalability is the main issue. We haven't paid for it, so if we want to scale it, we would need to purchase the enterprise version, which can be quite expensive. So scalability and limited support are the main limitations of the free version.

We started in December, so it has been six months now. We are using the open-source version of Wazuh.

Eight of us in the security team are using Wazuh.

We are not allowed to contact the support team on a one-on-one basis in the free version. However, we can post our queries in the community forum, where other users share their experiences and provide assistance.

The initial setup was pretty straightforward. They provide documentation that guides us through the process.

We are using the cloud version. We have deployed it on GCP (Google Cloud Platform).

So if budget is not an issue, you should consider other options. And if you want to save costs, the open-source or Wazuh enterprise would be suitable.

Wazuh is a good tool, but the open-source version has scalability limitations.

If you have the budget, I would suggest looking into other options. However, if you want to secure your endpoints without significant investment, Wazuh is a good tool. Just keep in mind that it may not scale well beyond a few thousand devices.

I would rate the open-source version as five out of ten.

We are using Wazuh for security information and event management, PCI DSS compliance, auditing, real-time sensitive monitoring, and meeting regulatory requirements.

There were certain tasks we couldn't carry out before. However, with Wazuh, we found a solution within a single platform. It only required a one-time effort to set up and configure the version. After that, it's just about monitoring the alerts and making revisions. No additional efforts are needed.

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection.

There is room for improvement in Wazuh, but it's possible they are already working on it. The only challenge we faced with Wazuh was the lack of direct support. They charge for support, whether it's five days a week or seven days a week. We don't expect it to be free because revenue is generated through the support they provide. 

In future releases, I would like to see a feature. There is one feature we observed in a premium tool in the industry called Dynatrace. It provides automatic relations between different devices and components. For instance, if you receive a web login request, Dynatrace can trace and show you the path it takes from the firewall to the switch, then to the Apache server, the actual job application, and finally back to the client. It intelligently correlates all the components involved in a single event. 

If Wazuh could include this feature, where all the components are integrated, it would automatically relate them for any activity in your environment.

We have been working with Wazuh for the last year. We currently use the latest version.

Sometimes, it has disturbances, but at the end of the day, it's not Wazuh but, actually, the configurations that engineers do sometimes do not have compatibility. So at that time, we face issues, but as of now, Wazuh has not disappointed us in any way.

It is scalable. We can add a new machine or server, install the components, and inform the other components about its IP address. We add it to the cluster, and a restart of the cluster is all that's needed to integrate the new component.

While there are many people involved, only three or four security engineers manage and oversee the events collected and provided by Wazuh.

We used Splunk primarily for log management purposes. There were no extra security modules or playbooks involved. We indexed the logs, built dashboards, generated reports, and set up alerts. That was the extent of our usage, without any additional security features.

The initial setup was not complex. We had prior experience with Elastic and Elk, so the deployment of Wazuh was quite familiar to us. It wasn't a major challenge.

However, we do need maintenance as we need to upgrade the version periodically. During maintenance, we have to switch off all the endpoints, turn off all the components, and then power off one by one to upgrade them to the latest version. This is done during a maintenance window.

One or two engineers are usually enough to handle the maintenance tasks.

In terms of the deployment plan, if we exclude the endpoints (monitored servers), we have multiple nodes for each component: indexer, manager, and dashboard. We also implemented an NGINX-based load balancer, following the documentation provided by Wazuh on configuring NGINX as a load balancer. This helps in load disturbance and redundancy, so we don't have a single point of failure when any server goes down.

The deployment process took approximately one to two weeks to fully test and deploy the system. We had to spend time on research and development to properly configure everything. The resources mainly involved Linux servers. There were not many additional resources involved beyond that.

We evaluated LogRhythm, which is an excellent intelligence-based tool. However, it comes with a high cost for the intelligence features. Wazuh lacks AI or machine learning capabilities, but otherwise, it has all the necessary capabilities for a similar solution.

I would advise you to carefully follow the documentation. It is straightforward and to the point. If any issues arise, the Wazuh Slack community is highly active and responsive. They can provide assistance within 24 hours or even less, helping with any deployment or management challenges.

Wazuh offers numerous features, such as the ability to define custom rules for detecting malicious activities and remembering behaviors. Unlike some paid tools, Wazuh is extensive and extendible and allows integration with open-source tools and scripts. It is flexible, reliable, and open-source, which is its biggest advantage. 

Overall, it is a good solution. I would rate the solution a nine out of ten. Considering that Wazuh is open source and free of cost while providing all the necessary features, I would rate it nine or ten. I lean towards ten because it offers a comprehensive solution without any financial burden. However, compared to industry leaders like LogRhythm and Splunk, which have machine learning modules, Wazuh lacks in that aspect. So, overall, I would rate it nine, but because of its cost-effectiveness, it deserves a ten.

We use the solution for endpoint detection and response. It helps us detect malicious files.

The solution is easy to integrate with other SOC tools. Also, it has a lot of capabilities like active response, cloud security, etc.

The solution's configuration could be faster.

We have been using the solution for two months.

The solution is easy to install. However, it takes a long time to configure.

It is a stable solution.

It is an open-source solution.

I recommend the solution to others and rate it a seven. It has many features and integrates with other substitutes like QRadar, Hive, etc.