Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?
-
Hi,
I was willing to set up Graylog 2 for longer, it was not so easy for me to get it to work. I always try to spin new open-source tools in free time, even if I don't use them in production.
Recently I came across Wazuh software (https://wazuh.com). I'm surprised by its multiple features; a few of them I can't digest, and one of the few I'm aware of is the Integrity Monitor. Is it an alternative for Manage Engine's Data Security Plus, and an alternative for Graylog 2?
After enough research I thought there is no solid open source SIEM, but Wazuh seems close to good?
-
@IRJ does
-
In a deployment that we did, we ran into some serious limitations with Wazuh where it couldn't be used for multiple sites. Not a limitation that I investigated, but @irj did and couldn't find a workaround.
Other apps like it, like Graylog and Zabbix, we were able to work around those limitations and can use them for multiple sites / companies.
-
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
Hi,
I was willing to set up Graylog 2 for longer, it was not so easy for me to get it to work. I always try to spin new open-source tools in free time, even if I don't use them in production.
Recently I came across Wazuh software (https://wazuh.com). I'm surprised by its multiple features; a few of them I can't digest, and one of the few I'm aware of is the Integrity Monitor. Is it an alternative for Manage Engine's Data Security Plus, and an alternative for Graylog 2?
After enough research I thought there is no solid open source SIEM, but Wazuh seems close to good?
Wazuh is the best I've found so far, and I have used it at a couple of places now. Wazuh includes a lot more reporting out of the box than any other open source SIEM, which makes it an easy choice.
I'm not familiar with Manage Engine Data Security Plus, so no idea how it compares to that.
-
I played with it a bit to see if it was worth deploying and it was more than we were looking to deal with at the time. Can't comment on the multi-tenant / multi-customer aspect, but it seemed like a decent solution for someone looking to run a SIEM or compliance-monitoring solution. It also has a few of the better-known compliance baselines configured and available out of the box, if my memory is correct.
To answer your initial question, I think it comes down to what functions you're using in those other products.
-
@IRJ Appreciate your inputs!
-
@scottalanmiller said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
In a deployment that we did, we ran into some serious limitations with Wazuh where it couldn't be used for multiple sites. Not a limitation that I investigated, but @irj did and couldn't find a workaround.
Other apps like it, like Graylog and Zabbix, we were able to work around those limitations and can use them for multiple sites / companies.
My scenario is for a single site, so no issues on this for me.
-
@travisdh1 said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
I'm not familiar with Manage Engine Data Security Plus, so no idea how it compares to that.
Manage Engine Data Security Plus = File server auditing - monitor, alert, and report on all file accesses and modifications made to your file server environment.
I really need this kind, to monitor our Windows file server shares. Once in a while, people come to ask me who deleted or modified these, etc.
-
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@IRJ Appreciate your inputs!
What do you want me to say? I've used it in labs and production environments. It works well and you can write custom rules.
You can search this forum and raise any questions in any topics that exist or create a new thread. I generally try to shy away from general questions like this. If you have any specific questions, then ask.
-
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@travisdh1 said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
I'm not familiar with Manage Engine Data Security Plus, so no idea how it compares to that.
Manage Engine Data Security Plus = File server auditing - monitor, alert, and report on all file accesses and modifications made to your file server environment.
I really need this kind, to monitor our Windows file server shares. Once in a while, people come to ask me who deleted or modified these, etc.
@IRJ Can Wazuh do something like this, once I install an agent on the Windows file server?
-
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@travisdh1 said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
@openit said in Is someone using Wazuh? Is alternative for Graylog, ME Data Security etc.?:
I'm not familiar with Manage Engine Data Security Plus, so no idea how it compares to that.
Manage Engine Data Security Plus = File server auditing - monitor, alert, and report on all file accesses and modifications made to your file server environment.
I really need this kind, to monitor our Windows file server shares. Once in a while, people come to ask me who deleted or modified these, etc.
@IRJ Can Wazuh do something like this, once I install an agent on the Windows file server?
Yes, it can. You can also exclude file types or directories to reduce false positives.
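Added example (not part of the reply above, and not configuration posted by anyone in this thread): a sketch of the syscheck section in a Windows agent's ossec.conf for the file-share auditing discussed here, with who-data enabled so alerts carry the account that made the change, plus the directory and file-type exclusions mentioned in the reply. The path D:\Shares, the Scratch folder and the extension list are assumptions for illustration.

```xml
<!-- Added example: agent-side ossec.conf fragment for a Windows file server. -->
<!-- D:\Shares, the Scratch folder and the extensions are assumed values.     -->
<ossec_config>
  <syscheck>
    <disabled>no</disabled>

    <!-- Periodic full scan (seconds) as a backstop to event-driven monitoring. -->
    <frequency>43200</frequency>

    <!-- whodata="yes": event-driven monitoring that also records who made    -->
    <!-- the change; it relies on Windows object-access auditing on the path. -->
    <!-- check_all="yes": track hashes, size, owner, permissions, timestamps. -->
    <directories check_all="yes" whodata="yes">D:\Shares</directories>

    <!-- Exclude a whole directory that changes constantly. -->
    <ignore>D:\Shares\Scratch</ignore>

    <!-- Exclude noisy file types by name suffix (simple regex, as in the -->
    <!-- default Wazuh configuration).                                     -->
    <ignore type="sregex">.tmp$|.lnk$|Thumbs.db$</ignore>
  </syscheck>
</ossec_config>
```

The monitored path has to be local to the machine running the agent, so the agent goes on the file server itself rather than on a client with the share mapped. Each exclusion also removes audit coverage for those files, so keep the ignore list as narrow as the noise allows.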
-
Going to give this a try tomorrow.