Wazuh is a SIEM platform with various applications in today's environment. Compliance checks have helped with regulatory requirements. I pulled in PCI DSS to check for file integrity monitoring. I completed one project where I removed malware.
The valuable features of Wazuh include being open source and having the capacity to be used for anything desired. It allows for creating new automations, whereas other Software as a Service platforms have their own business models. With this open source tool, organizations can establish their own customized setup.
That would require me to discuss with the Wazuh team regarding areas that could be improved, as I have numerous ideas. From a developer's perspective, this is a Linux system with an active community and dense documentation. There are many people sharing different projects of similar tasks, which is beneficial.
In the proof of concept documentation, it's a mixture of Windows, whereas they also catered to Ubuntu. I'm referring to apt and yum languages for downloading the server indexer. I downloaded in apt, but their first proof of concept is in yum, so I must change languages. This is something I do not prefer because I prefer a more uniform language. When running in production, I'm on a time crunch as time is money.
Wazuh could improve by creating videos on YouTube covering installation, use cases, and integration of third-party APIs for different scenarios that other SaaS services provide. While Wazuh provides these features, one must read their documentation thoroughly to customize it. This is a great feature, but initially, I don't have time to scan multiple items. They could make it more uniform and developer-friendly. As a software engineer, it takes considerable time, but as a businessman, I need to complete tasks quickly and need that flexibility.
It is relatively simple to set up Wazuh. I would give it a 7 out of 10. I have set up more complicated systems, so 7 is a good rating.
Wazuh requires substantial maintenance. The indexer frequently times out, requiring system restarts. When it comes to errors, debugging takes considerable time.
I spoke with Wazuh support today regarding a quote. I would rate Wazuh support an 8 out of 10. They responded quickly, which was crucial as I was on a time constraint.
It took one day to deploy Wazuh.
Due to confidentiality, I cannot share specific quantifiable benefits that deploying Wazuh has brought to my company. However, it resulted in cost reduction by avoiding lump sum payments and providing the benefit of having our own system.
Wazuh is free to use, but there are licensing fees for third parties. Their consultancy fee and support fees are relatively high. On a scale of 1 to 10, I would rate their consultancy and support fees a 5.
Wazuh can incorporate third parties and utilizes artificial intelligence for various features. Wazuh integrates effectively, deserving a solid 9 rating. That aspect is straightforward.
I would be willing to provide a review for products I have experience with. I recommend Wazuh to everyone and believe more platforms, not just SIEM and XDR capability platforms, should be open source, allowing people to leverage these tools for the greater good. I support it completely. Overall, I rate Wazuh 8 out of 10.