Wazuh as complete SIEM


Ameer Shariff

Mar 2, 2021, 7:03:41 AM
to Wazuh mailing list
Hello Everyone,

We are considering implementing a complete open source SIEM for our environment. Will Wazuh work as a complete SIEM solution? There are many debates considering Graylog.
Any advice from you experts will be of really great help in designing the solution.

Thanks.

Miguel Eduardo Sanchez

Mar 4, 2021, 1:09:26 PM
to Wazuh mailing list
Hi Ameer,
I hope you are doing well.

I can provide a few documentation articles that can help you determine the features that set Wazuh apart.
The first thing to say is that Wazuh is an integral security platform that is more than an EDR, HIDS or SIEM, as it has features of all of them in a single solution. So if we list some of the capabilities:
All of these features can be used with the same agent, and that is another advantage, as you won't need different agents for different capabilities. All of these modules or features can be centrally managed through Wazuh, so it's very easy to change any configuration, and this will be automatically pushed to all the agents at once.
Wazuh also has a powerful integration module that lets you externally integrate with almost any API (https://documentation.wazuh.com/4.0/user-manual/manager/manual-integration.html). We take advantage of the Elasticsearch power for indexing and long-term storage of the alerts and raw events. Wazuh can also integrate with other SIEM solutions like Splunk.
Finally, and maybe this is the best of all: Wazuh is flexible, scalable, no vendor lock-in and no license cost. Excellent free community support and trusted by thousands of enterprise users.

Hope you find these documents and information helpful.

Thanks for contacting us.

Miguel E. Sanchez
Wazuh, Inc.