Wazuh Valuable Features
Wazuh's logging features integrate seamlessly with AWS cloud-native services. There are also Wazuh agent configurations for different use cases, like vulnerability scanning, host-based intrusion detection, and file integrity monitoring.
There are three key strengths of Wazuh that stand out to me.
Firstly, Wazuh offers an enhanced HDR version that outperforms the Elastic Stack. Wazuh has achieved this by running a config or a sec in the background, which has improved the XBR for endpoint security significantly.
Secondly, Wazuh comes with built-in frameworks, such as the NISC and ISO, that make it easy to comply with various industry standards. We didn't need to configure any custom frameworks for this, as Wazuh had it built in.
Lastly, Wazuh has the ability to collect terabytes of data within seconds, which is a crucial feature for modern enterprises dealing with large amounts of data.

Some of the strengths of Wazuh that stand out for us include its scalability when deployed on Azure, its open-source nature, which allows for customization based on our needs, and its compatibility with various security solutions like threat intelligence platforms. We have encountered limitations with QRadar and Splunk in the past, which we couldn't overcome, but Wazuh has proven effective. We have successfully integrated it with 56 operators within our national telecom department, although the integration process was a bit challenging. Overall, Wazuh offers valuable features, making it a beneficial addition to our security infrastructure.

Buyer's Guide
Wazuh
March 2024
Learn what your peers think about Wazuh. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
767,995 professionals have used our research since 2012.
We like the fact that it is open-source and free to use.
It is a total solution. We don't have to spend money, and we get almost everything we need from one source.
It's stable.
The solution can scale.
Rico Agung
Informatics Engineering Lecturer at Innovation Center STMIK AMIKOM
It is excellent in terms of visualization and indexing services, making it a powerful tool for malware detection. It is easy to install, configure, and run, requiring minimum resource investment, even for small-scale deployments on personal devices.
Chaitanya Ghate
Principal Architect at Calsoft
The configuration assessment and file integrity monitoring features are decent.

Its cost-effectiveness is the most valuable aspect.

Most of our customers are satisfied with the product. The product’s interface is intuitive. We can search logs very easily.
Muhammad Muaaz Bin Zaka
Software Engineer at a computer software company with 1,001-5,000 employees
The most valuable features include file integrity monitoring, Wazuh engines, Wazuh rulesets (including rulesets for Apache and firewall routers), and vulnerability detection.
The main thing I like about it is that it has an EDR. Other than that, I like that it allows us to benchmark against the standard. It even suggests ways to improve things. Wazuh helps us to research how we can meet the benchmark.
What I also like about Wazuh is that you can deploy the agents in Linux and Unix environments, such as HP, IBM, and Oracle servers. Those servers use UX and AIX environments. The solution has Solaris agents, too. It has agents for all platforms.
The product is good for security-related features like monitoring, active response, and for vulnerabilities. I'm currently using the whole feature setup for Azure, from A to Z, everything. Wazuh enables me to monitor my whole infrastructure. I have Windows and Linux, and the firewalls are also integrated with Wazuh.

I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems.
There are three other features I find valuable. First, Wazuh helped me harden the appliances. Second, Wazuh gives me the opportunity to check the hardness through the CIS benchmarks and the other controls, such as Windows auditing policies. On the other hand, I have found it to be more useful for the PCI DSS compliance as it gives a very clear view regarding the benchmark of the PCI DSS. Last, Wazuh is most famous for the SIEM. The solution gives integrity monitoring for the specific file and updates on the real-time monitoring if the hashes change.

They are very good for endpoint security monitoring.
Windows machine monitoring is good. It's very easy to track threats.
It's very capable of finding even low-level threats on endpoint machines.
If they support a solution, it is easy to do an integration.
The solution is stable and reliable.
It can scale.
There is lots of good documentation.
The setup is easy.

The vulnerability assessment and scoring of Wazuh is the most important feature that we have found.
It also integrates well with Windows and different types of operating systems as well, so we found it very easy to deploy.
It is stable.
The deployment is easy, and they provide very good documentation.
It can scale well.
Technical support is quite helpful.

Wazuh is simple to use for PCI compliance.

There are two features that stand out. Wazuh automatically scans the host for CIS benchmarks for the latest updates and vulnerabilities and gives a host score. It provides a percentage of perceived risk due to non-patches or any missing patches on that work. Second, we can configure the logs per our requirement.

The reporting and attractive dashboard are the most valuable features. We used Splunk, but it was a bit expensive. On the other hand, Wazuh has very flexible and robust features.
I like the cloud-native infrastructure and that it's free. We didn't have to pay anything, and it has the capabilities of many premium solutions in the market. We could integrate all of our services and infrastructure in the cloud with Wazuh. From an integration point of view, Wazuh is pretty good. I had a good experience with this platform.
The solution's most valuable feature is its SCA capabilities.

The solution is easy to integrate with other SOC tools. Also, it has a lot of capabilities like active response, cloud security, etc.

It offers built-in modules for file integrity and vulnerability management. This provides the convenience of having these features integrated into one platform rather than using separate dedicated tools. Wazuh's comprehensive compliance with various modules aligns well with our organization's needs, making it a highly suitable and efficient solution.
Wazuh can integrate with various open-source and paid products, allowing for flexibility in customization based on use cases. Wazuh supports multiple use cases, allowing for in-depth customization. Additionally, Wazuh incorporates detection mechanisms such as tracing, shared internal suites, and leveraging third-party feeds. Machine learning mechanisms are also built to enhance detection capabilities, helping identify suspicious or anomalous behavior. Its open-source nature allows for widespread adoption and community support. The growing community contributes to its continued development and improvement.

The tool is stable.

It's very easy to integrate Wazuh with other environments, cloud applications, and on-prem applications. So, the advantage is that it's easy to implement and integrate with other solutions.

Wazuh's best features are syscheck, its ability to immediately resolve vulnerabilities, and that it's open source.

I like that the solution is on top of the Kubernetes stack.
reviewer2263155
Lead Security Engineer at a tech services company with 201-500 employees
I like Wazuh because it is a lot like ELK, which I was already comfortable with, so I didn't have to learn from scratch. Another good thing about Wazuh is that it's open-source.

Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises.
The most valuable features are the modules and metrics. The asset inventory and everything from the agent and the capabilities to integrate the Windows Defender directly into the SIEM solution.
I like the features we use, including malware detection, inventory, detection of hidden processes, and activity logs. Inventory is probably the most important feature. It tells us when processes and packages were installed and what they are, which is helpful.
reviewer1804125
Tech Lead Security at a comms service provider with 51-200 employees
The most valuable feature of Wazuh is the ELK for doing an investigation.
reviewer1593909
Chief Information Security Officer at a financial services firm with 501-1,000 employees
The MITRE ATT&CK correlation is most valuable.
reviewer2342391
Security engineer at a tech services company with 51-200 employees
Wazuh's most beneficial features for our security needs are flexibility, built-in rules, integration capabilities, and documentation.
reviewer1785186
CBO at a security firm with 11-50 employees
The log monitoring and analysis tools are great in addition to SIEM file activity monitoring.