Last updated: April 23, 2025 at 07:16 AM
Summary of Reddit Comments on Wazuh
Pros and Cons of Wazuh:
Pros:
- Easy to set up and use, with a nice UI and promising features: "did a POC for Wazuh, very nice UI and looks promising."
- Free tier available: "Blumira... even have a free tier."
- Low maintenance once set up: "I implemented it, it works great, very rarely do any maintenance on it once you set it up."
- Good amount of information provided: "Wazuh gives you a good amount of information."
- Offers monitoring services: "Essentially just a monitoring service."
- Good for Configuration Assessment and Vulnerability Assessment: "Go through Configuration Assessment... and Vulnerability Assessment will tell you what software needs to be patched."
- Plenty of documentation available: "Also when it comes to good sides, there are enough docs around."
- Offers threat response and avoidance: "Crowdstrike does both threat hunting... threaten avoidance."
- Support available at a cheaper cost than other alternatives: "If you want support, it is cheaper than other alternatives."
Cons:
- Not designed for enterprise use: "not designed for enterprise use... cumbersome to use with many servers."
- Manual checks may be required: "have to check each server individually... issues you need to fix."
- Not ideal for those lacking bandwidth for security alerts: "if you don't have the procedures or bandwidth... it won't get done."
- Updates can be challenging: "took a lot of time to maintain... every time I tried to update something, it would stop."
- Limited out-of-the-box functionality: "won't do much out of the box... configure it, then tweak it regularly."
- May not be suitable for all devices: "if you want to look at more than one device... isn't possible."
- Not suitable for EDR: "Wazuh is not an EDR software."
- Comparatively more manual configuration required: "it's very hands-on config to get results."
Comparison with Crowdstrike:
- Crowdstrike offers a more comprehensive solution compared to Wazuh, providing both threat hunting and endpoint protection with less manual intervention required.
- Wazuh is more of a monitoring service with the need for regular manual configuration and updates.
Other SIEM Recommendations:
- Splunk and Elastic Security are highly recommended over options like ArcSight and FortiSIEM.
- Stellar Cyber and Gravwell are suggested alternatives with unique benefits in the SIEM space.
Recommendations for Troubleshooting Wazuh Errors:
- Permissions issues can cause problems with Wazuh, and commands like
sudo chownandchmodare suggested for resolving them. - Restarting Wazuh services and ensuring components are in the same version can help resolve issues.
- Checking logs for errors and warnings can provide insights into potential problems.
Overall, Wazuh is seen as a useful tool for monitoring and assessing vulnerabilities but may require more manual configuration and maintenance compared to other enterprise solutions like Crowdstrike. Users recommend thorough testing and consideration of individual needs before implementing Wazuh or any other SIEM solution.
