[ArnoVW]

I used their docker based installation. Upgraded it a couple of times, takes me 1h each time (mostly because I am more of a PHB and not a devops)

Never had a single issue with indexes, though we only ingest 500k+ events per day for ~endpoints.

Don’t use email but notifications by Slack. Never had it fail in one year.

Honestly, I almost feel bad for the amount of value I’m getting for free. So I’m happy to give back: made an integration that recovers all Google Workdspace events (https://github.com/avanwouwe/wazuh-gworkspace) if anyone’s using Wazuh? I also plan on publishing my Chrome extension integration (behavioral analysis and malware and shadow it detection) in a couple of days!