🌐 USA / OSS

Wazuh + osquery

Wazuh plus osquery is powerful if you have the technical appetite. It gives control, transparency and a lot of telemetry without a license bill. But it is not a one-button security team. Someone must host it, tune it, explain it, turn findings into tasks and make the evidence usable for management or auditors.

Starting price

Free self-hosted; Cloud from $571 / month

OSS / self-host or cloud

License can be free when self-hosted, but hosting, tuning, triage, reporting and ownership are real operational costs.

Official site

Verified 2026-05-19

Capabilities

endpointImplementedmdrNot includedvulnImplementedcloudPartialcodeNot includedbackupNot includedidentityPartialsupplierNot includedcontractNot includedevidencePartialremediationNot includedexecReportsPartialbyokImplemented

Best compliance fit

ISO 27001PCI DSSCIS Controls v8

Main gap

Free software, but not free operations; workflow, reporting and remediation are buyer-owned

How we know

Self-hosted open-source use can avoid license fees, while Wazuh Cloud publishes paid plans starting at $571/month; operations and hosting still matter.

Wazuh Cloud osquery

When to pair it

Wazuh + osquery is strongest in its core category. If the goal is audit-ready evidence, supplier risk, backup proof or cross-tool remediation, pair it with a separate evidence workflow rather than expecting this tool to cover the whole compliance program.

Evidence, remediation and reporting layer when this tool needs to support audits.