
Wazuh vs OSSEC


New Life Form
Has anyone managed to run Wazuh instead of OSSEC, and is it possible? Worth doing?

We run the full USM and have used Wazuh with some ELK deployments previously, so we are looking for opinions on this.



  • What are your primary needs from a functionality perspective?  With USM Anywhere, we started leveraging NxLog, OSQuery, etc.
  • Hi @bshopp

    Do you mean to say that USM Anywhere makes use of NxLog, OSQuery, etc. rather than OSSEC?

  • edited December 2017
    Hello @adam.jones, @Kotresha,

       With USM Anywhere, the Anywhere Sensor would not act as an OSSEC server; you would need to design one in-house, from which logs could then be sent (from the OSSEC server) to the Anywhere Sensor and parsed. However, the Anywhere Sensor itself is not an OSSEC server.

       As @bshopp mentioned, USM Anywhere utilizes NxLog, OSQuery, and others instead of OSSEC. While the USM Sensor is not an OSSEC server, you can still send OSSEC logs to the USM Sensor and have those logs parsed by the Sensor. Mind you, if you are sending logs to the USM Sensor, this will add to your overall data consumption based on your Tier.

     AlienVault USM Anywhere :: OSSEC

       I hope this helps!

    - kratos
  • It's possible to run OSSIM with Wazuh ;)
    But, if you do that, you must modify several files :)

    Wazuh works very well :)