Wazuh Overview

Wazuh is the #26 ranked solution in Log Management Software. PeerSpot users give Wazuh an average rating of 6 out of 10. Wazuh is most commonly compared to Splunk. The professionals most often researching this solution are from comms service providers, accounting for 41% of all views.
What is Wazuh?

Wazuh is an IT Security company that develops and integrates open source technologies, building a comprehensive open source platform, based on OSSEC, for endpoint and infrastructure security monitoring, offering professional services to support enterprise users. We are headquartered in Silicon Valley and are excited to grow our team of security engineers in the Granada office. Strong English verbal and written skills are mandatory as the majority of our accounts, including several Fortune 100 Companies, are international.

Buyer's Guide

Download the Log Management Buyer's Guide including reviews and more. Updated: January 2022

Wazuh Pricing Advice

What users are saying about Wazuh pricing:
"Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk."

Wazuh Reviews

Robert Cheruiyot
IT Security Consultant at Microlan Kenya Limited
Real User
Top 5
Good integration with other platforms but not easily scalable and lacks threat intelligence
Pros and Cons
  • "It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions."
  • "Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh."

What is most valuable?

It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.

What needs improvement?

Wazuh doesn't cover sources of events as well as Splunk. You can integrate Splunk with many sources of events, but it's a painful process to take care of some sources of events with Wazuh. It's hard to really go into what Wazuh should add. If we call for Wazuh to improve one thing, then many things have to be improved. So if Wazuh's primary purpose is to cover the logs, then we can't really keep asking them to cover endpoints as well. And Wazuh doesn't have threat intelligence, to my knowledge. It can integrate with other sources of threat intel, but I haven't seen a native threat intel platform. Many people subscribe to Splunk for this platform. You can integrate threat intelligence from other solutions, but I haven't seen this feature in Wazuh.

For how long have I used the solution?

I only started working with Wazuh recently. 

What do I think about the stability of the solution?

It seems like they're constantly updating Wazuh, and it causes some instability. So you get a lot of updates after a short while, and there are so many things that Wazuh is trying to implement. When I see these rapid changes, it means the Wazuh team is trying to implement some of the things that are not yet implemented. So when you implement new features, you only have to understand that it's not covering many sources of events. That's where I would say stability becomes an issue.

What do I think about the scalability of the solution?

Wazuh is not easily scalable. You have to consider the sources of events and maybe the amount of traffic. I think it's still a solution that's not easily adaptable to a massive amount of information.

How are customer service and support?

Our current clients are happy with Wazuh support. One client upgraded from the basic open-source package to a support subscription, so I haven't heard any complaints from that person since.

How was the initial setup?

Wazuh is a straightforward platform to set up in a new environment. I wouldn't say it's complex. Another platform I used had a lot of licenses that were a pain to implement. Of course, after I implemented these licenses, it was very nice to work with. But Wazuh and Splunk are effortless to deploy.

What's my experience with pricing, setup cost, and licensing?

Wazuh is open-source, so I think it's an option for a small organization that cannot go for enterprise-grade solutions like Splunk.

What other advice do I have?

I would rate Wazuh a six out of 10. It's hard to compare Wazuh to commercial solutions like Splunk. It's fairer to evaluate the open-source tools together. So if I were to rate Wazuh alongside other open-source platforms, I would say it's the best in that category. 

If customers are considering Wazuh, they should think about what kind of coverage they want. If they're focusing on the logs and threat monitoring, maybe Wazuh is okay by itself, but it's not something that provides traffic monitoring. Still, you can root out threats on your network using the logs. It's valuable information. So if you are looking to cover that scope, that's well and good. And if you're not familiar with this product, it's essential to have support. You can buy a subscription for support. So you need to know that Wazuh only covers logs and you need to consider if it suits your needs in terms of scalability. If you are comfortable with these few things, then Wazuh is okay. The solution is good. And if you need something for endpoint protection, Opex is another open-source tool used to monitor the endpoints for anything suspicious.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Information Security Officer at a financial services firm with 501-1,000 employees
Real User
Stable with good MITRE ATT&CK correlation, but needs a better user interface

What is our primary use case?

We collect logs in it, and then we correlate logs against the MITRE ATT&CK framework. We have configured some notifications.

What is most valuable?

The MITRE ATT&CK correlation is most valuable.

What needs improvement?

Its user interface for sure can be improved. It is not so comfortable to use if you're looking for specific logs.

For how long have I used the solution?

I have been using this solution for the last two years.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

I am not sure about scalability. We have a total of seven users. Our department has two people, and there are five people from the IT department. We don't have any plans to increase its usage at this time.

How are customer service and technical support?

I didn't use their technical support.

How was the initial setup?

I was not involved in its installation. I am just using it.

What about the implementation team?

Other colleagues from the IT department handle its installation. 

What other advice do I have?

For our usage, I would rate Wazuh a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.