My Stack

The 2 biggest things that Wazuh lacks directly is accountability tracking on alerts(ticketing) and the NIDS and related features.. Having said that there are ways to implement ticketing natively using Wazuh and integrating to services like Jira if you use them or Open Source solutions like The Hive and Cortex. As for the NIDS side that can be replaced with Snort or Suricata. In short Wazuh alone is not a full replacement for AlienVault USM. Another project you may wish to look at is SIEMonster which has a solution that includes most of the open source projects I've just mentioned, including Wazuh, and a few others to more neatly tie the package together. In the end you will either need something like SIEMonster which is more fully featured or you will need to spend some time configuring replacements for the other pieces of the puzzle