Interesting, never heard of Wazuh until now. That looks closer to what Trellix allows.
The guy in charge of picking endpoint security products (whose team writes these rules) has tried Defender and found it lacking in comparison. Also, that link is about historical search for threat hunting, so I’m not sure if it’s the correct one.
Edit: I just saw the section about writing detections, but that seems to be more of a reactive than proactive approach. It still does the detection from searches.
It’s also been archived for a year with no revamp in sight.