Managed Wazuh – Swiss SIEM & XDR, fully operated

Frequently Asked Questions

What is a managed Wazuh service?

A managed Wazuh service means VSHN takes full operational responsibility for your Wazuh SIEM and XDR platform. We provision the infrastructure on your chosen cloud provider — whether cloudscale.ch, Exoscale, AWS, Google Cloud, or Microsoft Azure — configure and secure Wazuh, apply updates, perform daily encrypted backups with 100 GB of included storage, and monitor the service 24/7. You connect to a production-ready, enterprise-grade security monitoring platform without running any infrastructure yourself.

What is Wazuh and what does it do?

Wazuh is an open-source security platform that provides unified SIEM (Security Information and Event Management) and XDR (Extended Detection and Response) capabilities. It performs real-time log analysis, intrusion detection, vulnerability assessment, file integrity monitoring, and regulatory compliance checks. Wazuh collects and analyses security data from endpoints, network devices, cloud workloads, and containers — giving your team a single pane of glass for threat detection and incident response across your entire infrastructure.

What SLA do you offer for managed Wazuh?

We offer two service tiers. The best-effort plan has no formal SLA and is ideal for development environments and non-critical workloads at CHF 300 per month. Our production plans guarantee 99.99% availability, meaning less than 53 minutes of downtime per year. Critical incidents are responded to within 15 minutes. All SLA commitments are documented in a written service agreement signed before any deployment begins.

What infrastructure do I need to provide?

For cloud deployments you do not need to provide any hardware — VSHN provisions everything on your behalf on Swiss providers such as cloudscale.ch or Exoscale, or on international platforms like AWS, Google Cloud, or Microsoft Azure. For on-premises deployments you provide servers meeting our minimum specifications (8 vCPU, 16 GB RAM for the Wazuh manager, plus indexer nodes sized to your event volume) running Ubuntu 22.04 LTS. VSHN handles the rest: networking, firewall rules, Wazuh installation, and all ongoing operations.

How are backups handled?

Backups run automatically every day covering Wazuh configuration, detection rules, agent enrolment data, and indexed security events. Each backup is encrypted at rest and stored off-site, away from the primary infrastructure. 100 GB of backup storage is included in every plan. Backups are retained for 30 days by default; longer retention periods are available. Restoration to any backup point within the retention window typically takes under 60 minutes depending on data volume.

How is managed Wazuh priced?

VSHN offers managed Wazuh tailored to your specific requirements. Plans range from best-effort single-node instances to production-grade deployments with a 99.99% guaranteed availability SLA and multi-node clusters with automatic failover. All plans include backup storage, monitoring, and engineering support. Contact us for a personalised quote — we provide a written cost estimate within one business day with no commitment required.

Can I run Wazuh on Swiss cloud infrastructure?

Yes. VSHN deploys managed Wazuh on Swiss cloud providers by default, including cloudscale.ch and Exoscale, both of which operate data centres exclusively in Switzerland. If data residency is a compliance requirement, these providers are the recommended choice. We also support AWS (Zurich region), Google Cloud, and Microsoft Azure where Swiss regions are available. Your data sovereignty requirements are documented in the service agreement, and no data ever leaves your chosen region without explicit consent.

Can Wazuh monitor my Kubernetes clusters?

Yes. Wazuh provides native Kubernetes security monitoring including pod-level log collection, container runtime threat detection, Kubernetes audit log analysis, and compliance scanning of cluster configurations. VSHN can deploy Wazuh agents as a DaemonSet across your Kubernetes nodes — including APPUiO Cloud, our Swiss managed Kubernetes platform — so that every workload is covered. The same 99.99% SLA, 100 GB backup storage, and 24/7 engineering support apply to Kubernetes-integrated deployments.

Is Wazuh compatible with my existing security tools?

Yes. As an open-source platform, Wazuh integrates with a wide range of security and IT tools. It supports log ingestion from firewalls, cloud providers, identity systems, and SaaS applications via Syslog, JSON, and API connectors. Wazuh can forward alerts to SOAR platforms, ticketing systems, and messaging tools like Slack or Microsoft Teams. VSHN can configure custom integrations as part of the managed service, ensuring Wazuh fits seamlessly into your existing security operations workflow.

How do I get started with managed Wazuh?

Contact us using the form below. Tell us your expected event volume (events per second), number of monitored endpoints, preferred cloud provider — for example cloudscale.ch, Exoscale, AWS, or Google Cloud — and whether you need a 99.99% SLA. We provide a written requirements analysis and cost estimate within one business day. There is no commitment at the requirements stage. Once you decide to proceed, setup is free and your Wazuh instance is typically production-ready within five business days.