I would like to kindly request the support of the Elastic team and the product owner for Security in enabling more features from Wazuh. It would be fantastic to have enhanced capabilities such as Configuration Assessment, CIS Benchmarking, Vulnerability Detection, Regulatory Compliance, and comprehensive File Integrity Monitoring.
Hello, it’s stretching beyond my technical field @ Elastic as an engineer working primarily on a small subset of the stack, but the post just made me curious. I skimmed through https://wazuh.com/
I don’t see anything there not available on the Elastic stack from my point of view. There are no follow-ups in this thread so I guess others also came to a similar conclusion, therefore could you elaborate more on what is missing in the Elastic stack in terms of the actual technical capability? Not just in terms of a checklist like I need “x” and “y” and “z”, but what are the underlying technical things you need to accomplish with your SIEM.
I know it’s not trivial. The Elastic stack is highly customizable and extensible. We try to deliver out-of-the-box packages within it to accomplish the most common things, which makes for an easy onboarding experience when looking for “x, y, z” amongst many products, but the high customizability gives you the power to add many more “x, y, z” in your deployment.
“Regulatory Compliance” is a good example to showcase. Which/What/Where ??? Can you refer to the actual norms or papers? I guess you’re not interested in house roof color regulation in Elbonia or anything niche like that, but all regulations are specific to the geographic and field area
I think there are not many follow-ups on this thread because it is mostly a feature request targeted at Elastic; it would be better as an issue on GitHub or an enhancement request through some support contact.
I've used Wazuh for many years, and there are some things that it can do out-of-the-box that are not possible with Elastic Agent and native integrations; most are related to asset management.
For example, after configuring Wazuh and installing agents you already have information about Vulnerability Detection, Security Configuration Assessment and Regulatory Compliance out-of-the-box.
It can check the system configuration against CIS benchmarks, and can validate whether the system is in compliance with multiple regulatory requirements, like PCI-DSS for example.
Elastic Agent at the moment cannot do anything similar; it would require some external tools or custom data.
Also, the asset management on Wazuh is pretty good, I had a call last week with a couple of PMs from Elastic to provide feedback to Fleet and mentioned what I could do with Wazuh that I cannot do with Elastic Agent and Fleet.
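To make concrete what the configuration-assessment and compliance-mapping capability described in the post above actually does, here is an added example. It is not Wazuh's or Elastic's code and does not use Wazuh's real SCA rule syntax; the rule shape, the sample config contents, the rule IDs and the compliance tags are all constructed placeholders for illustration. Each rule inspects one file with a regex, decides pass/fail, and carries the compliance references the result should be tagged with, which is the data a compliance dashboard is built from.

```python
"""Minimal configuration-assessment checker (added example, not Wazuh or Elastic code).

A policy is a list of rules. Each rule names a file, a line regex, whether a
match is required or forbidden, and the compliance controls it maps to.
Files are replaced by an in-memory dict so the example runs offline.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Rule:
    rule_id: str
    title: str
    path: str
    pattern: str            # regex applied to each line of the file
    must_match: bool        # True: some line must match; False: no line may match
    compliance: dict = field(default_factory=dict)  # framework -> list of control tags


# Constructed sample configuration files standing in for a real host.
SAMPLE_FILES = {
    "/etc/ssh/sshd_config": (
        "Port 22\n"
        "PermitRootLogin yes\n"
        "PasswordAuthentication yes\n"
        "X11Forwarding no\n"
    ),
    "/etc/login.defs": "PASS_MAX_DAYS 99999\nPASS_MIN_LEN 8\n",
}

# Compliance tags below are illustrative placeholders, not real CIS/PCI-DSS control numbers.
RULES = [
    Rule("1001", "SSH root login disabled", "/etc/ssh/sshd_config",
         r"^\s*PermitRootLogin\s+yes\b", must_match=False,
         compliance={"cis": ["ssh-root-login"], "pci_dss": ["auth-controls"]}),
    Rule("1002", "SSH password authentication disabled", "/etc/ssh/sshd_config",
         r"^\s*PasswordAuthentication\s+no\b", must_match=True,
         compliance={"cis": ["ssh-password-auth"], "pci_dss": ["auth-controls"]}),
    Rule("1003", "SSH X11 forwarding disabled", "/etc/ssh/sshd_config",
         r"^\s*X11Forwarding\s+yes\b", must_match=False,
         compliance={"cis": ["ssh-x11"]}),
    # Crude numeric check: flag any PASS_MAX_DAYS with four or more digits (>= 1000 days).
    Rule("1004", "Password expiry configured", "/etc/login.defs",
         r"^\s*PASS_MAX_DAYS\s+\d{4,}\b", must_match=False,
         compliance={"cis": ["password-expiry"], "pci_dss": ["password-policy"]}),
    # File absent on this host: the rule must report not_applicable, not fail.
    Rule("1005", "auditd log retention configured", "/etc/audit/auditd.conf",
         r"^\s*max_log_file_action\s*=\s*keep_logs\b", must_match=True,
         compliance={"cis": ["auditd"]}),
]


def read_lines(path, files=SAMPLE_FILES):
    """Return the file's lines, or None if the file does not exist on the host."""
    content = files.get(path)
    return None if content is None else content.splitlines()


def evaluate(rule, files=SAMPLE_FILES):
    """Evaluate one rule: 'passed', 'failed' or 'not_applicable'."""
    lines = read_lines(rule.path, files)
    if lines is None:
        return "not_applicable"
    rx = re.compile(rule.pattern)
    matched = any(rx.search(line) for line in lines)
    # A required pattern that matched, or a forbidden one that did not, is a pass.
    return "passed" if matched == rule.must_match else "failed"


def run_policy(rules=RULES, files=SAMPLE_FILES):
    """Evaluate every rule and attach its compliance tags to the result."""
    return [
        {"id": r.rule_id, "title": r.title, "result": evaluate(r, files),
         "compliance": r.compliance}
        for r in rules
    ]


def compliance_summary(results):
    """Group failed checks by framework and control tag for a compliance view."""
    summary = {}
    for res in results:
        if res["result"] != "failed":
            continue
        for framework, controls in res["compliance"].items():
            for control in controls:
                summary.setdefault(framework, {}).setdefault(control, []).append(res["id"])
    return summary


if __name__ == "__main__":
    results = run_policy()
    for res in results:
        print(f"{res['id']} {res['result']:<15} {res['title']}")
    print(compliance_summary(results))
```

Against the constructed sample host, rules 1001, 1002 and 1004 fail, 1003 passes, and 1005 is reported as not applicable because its file is missing; the summary then shows two failed checks under the placeholder pci_dss "auth-controls" tag. Shipping such results as custom data into a SIEM is the "external tools or custom data" route the post refers to.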
Yeah, I know Elastic is highly customizable, but it would be nice if these security features were easier to apply, since many people want them. Because it’s kind of open source, it shouldn’t be that hard to implement. Too bad I’m not a developer.