Wazuh

App in the BluixApps catalog

What it is

Wazuh is an open-source SIEM (Security Information and Event Management) and XDR platform: endpoint security monitoring, log analysis, file integrity monitoring, vulnerability detection and threat intelligence. It began as a fork of OSSEC and is developed and backed by Wazuh Inc. Deployed at enterprise scale worldwide.

For SOC (Security Operations Center) teams that want an open-source SIEM competing with Splunk or Elastic Security, Wazuh is among the most widely deployed options.

What it's for

  • SIEM — security event aggregation + correlation
  • XDR — extended detection and response
  • Endpoint security — agent-based monitoring on servers + workstations
  • Vulnerability detection — CVE scanning for installed packages
  • Compliance — PCI DSS, HIPAA, GDPR mapped controls

Who it's for

  • SOC teams running enterprise security operations
  • SysAdmins monitoring server security
  • MSPs providing managed security services
  • Compliance-bound orgs needing SIEM for certifications
  • Privacy-bound orgs rejecting cloud SIEM

Why teams pick Wazuh over alternatives

  • GPLv2 — fully open
  • Enterprise-grade — production at major banks, governments
  • Multi-platform agents — Linux, Windows, macOS, AIX, Solaris
  • OpenSearch backend — scalable log storage
  • Active threat intel — integration with VirusTotal, MISP
  • Backed by Wazuh Inc. — sustainable commercial enterprise

Integrations

  • Endpoint agents — Linux, Windows, macOS, container, cloud
  • Log sources — syslog, journald, AWS CloudTrail, Office 365, Azure
  • Threat intel — VirusTotal, MISP, custom IOCs
  • OpenSearch — the Wazuh indexer is built on OpenSearch; it is the canonical storage and search backend
  • Alerting — email, Slack, PagerDuty, custom webhooks
  • API — REST API for programmatic access
  • MITRE ATT&CK — mapped attack patterns

Notable users & community

  • 11k+ GitHub stars
  • Used by Booz Allen, ADP, governments worldwide
  • Active community; commercial support available from Wazuh Inc.
  • Featured in SIEM tool comparisons

Tips & operations

  • Resource-intensive — the indexer (OpenSearch) dominates; give it RAM for the JVM heap and fast disk for the alert indices
  • Plan storage — alert and archive indices grow fast; size disk generously and monitor free space
  • Tune rules — expect false positives out of the box; lower or suppress noisy rules for your environment in /var/ossec/etc/rules/local_rules.xml rather than editing the shipped ruleset, which upgrades overwrite
  • Agent deployment — roll agents out via Ansible or other config management, setting manager address, enrollment password and agent group at install time
  • Back up — the indices and manager configuration are your security history
  • Retention policy — define and enforce one; compliance frameworks set minimums (PCI DSS, for example, requires twelve months of log history with the most recent three months immediately available)
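Rule tuning in practice starts from alert volume, and the fix that does not hide real events is a narrow level-0 child rule rather than disabling the parent. The script below is an added example written for this page, not code from Wazuh or BluixApps: it parses alerts in the JSON-lines shape the manager writes to /var/ossec/logs/alerts/alerts.json, ranks rules by count, and drafts a local_rules.xml child rule for the one (rule, source IP) pair that dominates a rule's hits. The six sample alerts are constructed for the example, the 50% dominance threshold and custom rule id 100001 are assumptions, and the generated XML is a draft to review before it goes near a manager.

```python
"""Triage Wazuh alerts.json and draft a narrow suppression rule.

Added example for this page, not Wazuh or BluixApps code. Sample alerts
below are constructed; real alerts.json records carry more fields.
"""
import json
from collections import Counter
from xml.sax.saxutils import escape

# Wazuh reserves ids 100000-120000 for local (custom) rules.
CUSTOM_RULE_RANGE = range(100000, 120001)


def _alert(ts, agent_id, agent_name, level, rule_id, desc, groups, **extra):
    """Build one alerts.json-style record (helper for the constructed sample)."""
    rec = {"timestamp": ts,
           "rule": {"level": level, "id": rule_id, "description": desc, "groups": groups},
           "agent": {"id": agent_id, "name": agent_name}}
    rec.update(extra)
    return rec


SSH_FAIL = ("5710", "sshd: Attempt to login using a non-existent user",
            ["syslog", "sshd", "authentication_failed"])

# Constructed sample, one JSON object per line as the manager writes it.
# Three of the four rule-5710 hits come from one internal host (a vulnerability
# scanner in this scenario); the remaining records are genuine signals.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    _alert("2025-01-10T08:00:01.000+0000", "001", "web01", 5, *SSH_FAIL,
           data={"srcip": "10.0.0.5", "srcuser": "admin"}),
    _alert("2025-01-10T08:00:02.000+0000", "001", "web01", 5, *SSH_FAIL,
           data={"srcip": "10.0.0.5", "srcuser": "test"}),
    _alert("2025-01-10T08:00:03.000+0000", "002", "db01", 5, *SSH_FAIL,
           data={"srcip": "10.0.0.5", "srcuser": "oracle"}),
    _alert("2025-01-10T08:01:00.000+0000", "001", "web01", 5, *SSH_FAIL,
           data={"srcip": "203.0.113.7", "srcuser": "root"}),
    _alert("2025-01-10T08:02:00.000+0000", "002", "db01", 7, "550",
           "Integrity checksum changed.", ["ossec", "syscheck"],
           syscheck={"path": "/etc/passwd", "event": "modified"}),
    _alert("2025-01-10T08:03:00.000+0000", "001", "web01", 10, "5712",
           "sshd: brute force trying to get access to the system.",
           ["syslog", "sshd", "authentication_failures"],
           data={"srcip": "203.0.113.7"}),
])


def parse_alerts(text):
    """Parse JSON-lines alerts; skip blank or truncated lines (a live file is
    often mid-write) instead of aborting the whole run."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            alerts.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return alerts


def rule_volume(alerts):
    """Alert count per rule id, most frequent first: the tuning shortlist."""
    return Counter(a["rule"]["id"] for a in alerts).most_common()


def dominant_source(alerts, rule_id):
    """(srcip, hits_from_it, total_hits) for one rule; srcip is None when the
    alerts carry no data.srcip (e.g. FIM events) or the rule never fired."""
    hits = [a for a in alerts if a["rule"]["id"] == rule_id]
    by_src = Counter(a.get("data", {}).get("srcip") for a in hits)
    by_src.pop(None, None)
    if not by_src:
        return None, 0, len(hits)
    src, n = by_src.most_common(1)[0]
    return src, n, len(hits)


def draft_child_rule(alerts, rule_id, new_id, min_share=0.5):
    """Draft a level-0 child rule for local_rules.xml that silences rule_id
    only for the source IP producing at least min_share of its hits.
    Returns None when no single source dominates: then the parent rule, not
    one host, needs attention, and a blanket override would hide real events."""
    if new_id not in CUSTOM_RULE_RANGE:
        raise ValueError(f"custom rule id {new_id} outside 100000-120000")
    src, n, total = dominant_source(alerts, rule_id)
    if src is None or n / total < min_share:
        return None
    desc = next(a["rule"]["description"] for a in alerts if a["rule"]["id"] == rule_id)
    return "\n".join([
        '<group name="local,">',
        f'  <rule id="{new_id}" level="0">',
        f'    <if_sid>{escape(str(rule_id))}</if_sid>',
        f'    <srcip>{escape(src)}</srcip>',
        f'    <description>Suppressed: {escape(desc)} from {escape(src)}</description>',
        '  </rule>',
        '</group>',
    ])


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    for rid, count in rule_volume(alerts):
        print(f"rule {rid}: {count}")
    print(draft_child_rule(alerts, "5710", 100001) or "no dominant source for 5710")
```

Against the sample, rule 5710 tops the list with four hits, three of them from 10.0.0.5, so the draft suppresses 5710 only for that address; the remaining hit from 203.0.113.7 and the level-10 brute-force correlation still fire. Point the parser at a real alerts.json and the same logic works unchanged; the threshold and whether a scanner host deserves a suppression at all are judgement calls for the SOC, not the script.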

What we ship in BluixApps

  • Docker Compose: Wazuh manager, Wazuh dashboard and the Wazuh indexer (OpenSearch); Filebeat, bundled with the manager, ships alerts to the indexer
  • Pinned wazuh/wazuh-manager:4.10 (release-tagged)
  • HTTPS via Let's Encrypt
  • Admin user via env config
  • Persistent volumes for all services
  • Agent enrollment documented in install report
  • Backup hook covers OpenSearch indices + Wazuh config
Read this app's deep dive on bluix.app

Get this app — pick a BluixApps plan

Same catalog on every tier; tiers differ in tenant count, white-label option and support level.

Tier        Tenants    Catalog            Support           White-label    Monthly
Stacks      1          19 curated stacks  Standard          n/a            $19/mo
Starter     10         Full catalog       Standard          +$15–25/mo     $49/mo
Pro         25         Full catalog       Priority bugfix   +$15–25/mo     $149/mo
Growth      100        Full catalog       Priority bugfix   +$15–25/mo     $349/mo
Scale       500        Full catalog       7-day window      +$15–25/mo     $799/mo
Enterprise  Unlimited  Full catalog       Priority 7-day    Bundled        $1,499/mo
