Wazuh Valuable Features

Vikrant Puranik - PeerSpot reviewer
Manager Cloud Security Operations at TraceLink, Inc.

Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring. 

AKASH MAJUMDER - PeerSpot reviewer
SOC Analyst at Ovelosec

There are three key strengths of Wazuh that stand out to me. 

Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.

Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.

Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

SyedAli17 - PeerSpot reviewer
Confidential at PTA

Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms. We have encountered limitations with QRadar and Splunk in the past, which we couldn't overcome, but Wazuh has proven effective. We have successfully integrated it with 56 operators within our national telecom department, although the integration process was a bit challenging. Overall, Wazuh offers valuable features, making it a beneficial addition to our security infrastructure.

Buyer's Guide
Wazuh
March 2024
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,995 professionals have used our research since 2012.
AliAhangari - PeerSpot reviewer
Founder and CTO at Soorin

We like the fact that it is open-source and free to use. 

It is a total solution. We don't have to spend money, and we get almost everything we need from one source. 

It's stable.

The solution can scale. 

RA
Informatics Engineering Lecturer at Innovation Center STMIK AMIKOM

It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.

CG
Principal Architect at Calsoft

The configuration assessment and file integrity monitoring features are decent.

David Arianto - PeerSpot reviewer
Chief Operating Officer at PT. Visionet Data Internasional

Its cost-effectiveness is the most valuable aspect.

Gerard Konan - PeerSpot reviewer
Founder & CEO at AGILLY

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.

MB
Software Engineer at a computer software company with 1,001-5,000 employees

The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection.

Idris Aliyu - PeerSpot reviewer
Senior Systems Engineer at an insurance company with 201-500 employees

The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.

What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.

Rizwan-Alam - PeerSpot reviewer
Head Information Security at Akhtar Fuiou Technologies

The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows and Linux, and the firewalls are also integrated with Wazuh.

Wajih Ul Hasan - PeerSpot reviewer
Cyber Security Engineer at Digit Labs

I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems. 

There are three other features I find valuable. First, Wazuh helped me harden the appliances. Second, Wazuh gives me the opportunity to check the hardness through the CIS benchmarks and the other controls, such as Windows auditing policies. On the other hand, I have found it to be more useful for the PCI DSS compliance as it gives a very clear view regarding the benchmark of the PCI DSS. Last, Wazuh is most famous for the SIEM. The solution gives integrity monitoring for the specific file and updates on the real-time monitoring if the hashes change.

Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited

They are very good for endpoint security monitoring. 

Windows machine monitoring is good. It's very easy to track threats. 

It's very capable of finding even low-level threats on endpoint machines.

If they support a solution, it is easy to do an integration.

The solution is stable and reliable.

It can scale.

There is lots of good documentation.

The setup is easy.

Sulabh Khanal - PeerSpot reviewer
Head of DevSecOps at Vairav Technology

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found. 

It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.

It is stable. 

The deployment is easy, and they provide very good documentation.

It can scale well.

Technical support is quite helpful.

Gopinath Ravirajan - PeerSpot reviewer
IT Lead at a financial services firm with 51-200 employees

Wazuh is simple to use for PCI compliance.

Vijay Muddu - PeerSpot reviewer
Manager server admin and security at Vivaconnect

There are two features that stand out. Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non-patches or any missing patches on that work. Second, we can configure the logs per our requirement.

SHEERAZ AHMED - PeerSpot reviewer
Managing Director at SharpTel

The reporting and attractive dashboard are the most valuable features. We used Splunk, but it was a bit expensive. On the other hand, Wazuh has very flexible and robust features.

Dr. Sushan Banerjee - PeerSpot reviewer
GISO - Global Information Security Officer at Beyon Connect

I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform.

Chetan_Sharma - PeerSpot reviewer
Linux System Administrator at Amity Software Systems Limited

The solution's most valuable feature is its SCA capabilities.

Youssef EL AZZOUZI - PeerSpot reviewer
Intern Master in Cybersecurity and Cybercrime at Université Abdelmalek Essaâdi

The solution is easy to integrate with other SOC tools. Also, it has a lot of capabilities like active response, cloud security, etc.

Usman Arif - PeerSpot reviewer
Cyber Security Engineer at Ebryx (Pvt.) Ltd

It offers built-in modules for file integrity and vulnerability management. This provides the convenience of having these features integrated into one platform rather than using separate dedicated tools. Wazuh's comprehensive compliance with various modules aligns well with our organization's needs, making it a highly suitable and efficient solution.

Md Salim Hossain Hossain - PeerSpot reviewer
Cyber Digital Transformation Engineer at OneWorldInfoTech

Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. Its open-source nature allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

Haad Fida - PeerSpot reviewer
Software Engineer at 7Vals

The tool is stable.

Robert Cheruiyot - PeerSpot reviewer
IT Security Consultant at Microlan Kenya Limited

It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.

Maikel Richard Villar Rodriguez - PeerSpot reviewer
Cybersecurity supervisor at Optical Network

Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source.

Shaamil Ashraff - PeerSpot reviewer
Architect - Database Administration at Mitra Innovation

I like that the solution is on top of the Kubernetes stack.

MU
Lead Security Engineer at a tech services company with 201-500 employees

I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch. Another good thing about Wazuh is that it's open-source.

Tiara Sakinah - PeerSpot reviewer
Information Technology Security Consultant at a computer software company with 1,001-5,000 employees

Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises.

ShubhamKumar - PeerSpot reviewer
Project Lead at a tech services company with 51-200 employees

The most valuable features are the modules and metrics. The asset inventory and everything from the agent and the capabilities to integrate the Windows Defender directly into the SIEM solution.

Pathick Kerketta - PeerSpot reviewer
Manager (Information Security) at Girnarsoft Private Limited

I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful.

RS
Tech Lead Security at a comms service provider with 51-200 employees

The most valuable feature of Wazuh is the ELK for doing an investigation.  

SP
Chief Information Security Officer at a financial services firm with 501-1,000 employees

The MITRE ATT&CK correlation is most valuable.

VS
Security engineer at a tech services company with 51-200 employees

Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation.

JK
CBO at a security firm with 11-50 employees

The log monitoring and analysis tools are great in addition to SIEM file activity monitoring.
