Wazuh does much more than Nessus, for instance you can instruct the agent to temporarily drop networking if you identify a compromised machine. Agentless scans will do nothing of the like.
I appreciate the different feature sets, but there's almost always another endpoint agent you can build that behavior onto/through in the modern enterprise. Posture control isn't exactly a unique feature, and my original opinion still stands: between CrowdStrike, Tanium, SentinelOne, Defender, AirWatch, New Relic, and OpenTelemetry, I've seen a web of similar-ish feature sets with agents alone consuming upwards of 10% of the machine's CPU power just in the background.
What's worse, Wazuh doesn't even fully replace any of those above agents, meaning it has to be yet another complimentary agent on the machine. No thanks, when New Relic + OpenTelemetry can feed me all of the machine's logs and monitoring statistics, while a competent ITAM/ITSM can alert on out-of-bounds posture and trigger network or Identity systems to shutdown access. Hell, I'm old enough to remember when basic log forwarding and SNMP traps were all that was needed to effectively monitor machines, before developers and vendors began locking stuff up behind new APIs or services they could monetize better.
Don't get me wrong, I want Wazuh to succeed because nobody should have to shell out thousands of dollars a month for basic security posturing and monitoring; right now though, Wazuh ain't it.
