Wazuh
App in the BluixApps catalog
What it is
Wazuh is an open-source Security Information and Event Management (SIEM) + XDR platform — endpoint security monitoring, log analysis, file integrity monitoring, vulnerability detection, threat intelligence. Backed by Wazuh Inc. (formerly OSSEC fork). Used at enterprise scale globally.
For SOC (Security Operations Center) teams needing OSS SIEM that competes with Splunk / Elastic Security, Wazuh is the leading option.
What it's for
- SIEM — security event aggregation + correlation
- XDR — extended detection and response
- Endpoint security — agent-based monitoring on servers + workstations
- Vulnerability detection — CVE scanning for installed packages
- Compliance — PCI DSS, HIPAA, GDPR mapped controls
Who it's for
- SOC teams running enterprise security operations
- SysAdmins monitoring server security
- MSPs providing managed security services
- Compliance-bound orgs needing SIEM for certifications
- Privacy-bound orgs rejecting cloud SIEM
Why teams pick Wazuh over alternatives
- GPLv2 — fully open
- Enterprise-grade — production at major banks, governments
- Multi-platform agents — Linux, Windows, macOS, AIX, Solaris
- OpenSearch backend — scalable log storage
- Active threat intel — integration with VirusTotal, MISP
- Backed by Wazuh Inc. — sustainable commercial enterprise
Integrations
- Endpoint agents — Linux, Windows, macOS, container, cloud
- Log sources — syslog, journald, AWS CloudTrail, Office 365, Azure
- Threat intel — VirusTotal, MISP, custom IOCs
- OpenSearch — Wazuh + OpenSearch is canonical pairing
- Alerting — email, Slack, PagerDuty, custom webhooks
- API — REST API for programmatic access
- MITRE ATT&CK — mapped attack patterns
Notable users & community
- 11k+ GitHub stars
- Used by Booz Allen, ADP, governments worldwide
- Backed by Wazuh Inc. with sustainable commercial enterprise
- Active community + commercial support
- Featured in SIEM tool comparisons
Tips & operations
- Resource-intensive — Wazuh + OpenSearch needs significant resources
- Plan storage — log data accumulates fast; size disk generously
- Tune rules — false positives common; tune for environment
- Agent deployment — plan rollout via Ansible / config management
- Backup critical — your security history
- Retention policy — define + enforce; compliance often requires X months
What we ship in BluixApps
- Docker compose: Wazuh manager + Wazuh dashboard + OpenSearch (filebeat included)
- Pinned
wazuh/wazuh-manager:4.10(release-tagged) - HTTPS via Let's Encrypt
- Admin user via env config
- Persistent volumes for all services
- Agent enrollment documented in install report
- Backup hook covers OpenSearch indices + Wazuh config
Get this app — pick a BluixApps plan
Same catalog. Scaling tenant isolation, white-label and support tier.
| Tier | Tenants | Catalog | Support | White-label | Monthly | |
|---|---|---|---|---|---|---|
| Stacks | 1 | 19 curated stacks | Standard | — | $19/mo | DetailDeploy |
| Starter | 10 | Full catalog | Standard | +$15–25/mo | $49/mo | DetailDeploy |
| Pro | 25 | Full catalog | Priority bugfix | +$15–25/mo | $149/mo | DetailDeploy |
| Growth | 100 | Full catalog | Priority bugfix | +$15–25/mo | $349/mo | DetailDeploy |
| Scale | 500 | Full catalog | 7-day window | +$15–25/mo | $799/mo | DetailDeploy |
| Enterprise | Unlimited | Full catalog | Priority 7-day | Bundled | $1,499/mo | DetailDeploy |