I have first-hand experience with this product for over 2 years. It is a PITA from an SRE/DevOps security point of view. Things constantly break: the indexes, emailing reports, just general bit rot. The source code is at best a good first attempt, but sorely lacking.
I used their Docker-based installation. Upgraded it a couple of times; it takes me 1h each time (mostly because I am more of a PHB and not a DevOps person).
Never had a single issue with indexes, though we only ingest 500k+ events per day for ~endpoints.
Don’t use email, but notifications by Slack. Never had it fail in one year.
Honestly, I almost feel bad for the amount of value I’m getting for free. So I’m happy to give back: I made an integration that recovers all Google Workspace events (https://github.com/avanwouwe/wazuh-gworkspace), if anyone’s using Wazuh. I also plan on publishing my Chrome extension integration (behavioral analysis, malware and shadow IT detection) in a couple of days!
What was it specifically that made it a "maint burden of the first order"?