Wazuh Versions

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

v4.8.0-beta4

2 weeks ago

Manager

Added

  • Added new query "rollback" to wazuh-db. (#16058)
  • Transition to Wazuh Keystore for Indexer Configuration. (#21670)

Changed

  • Vulnerability Detection refactor. (#21201)
  • Improved wazuh-db detection of deleted database files. (#18476)
  • Added timeout and retry parameters to the VirusTotal integration. (#16893)
  • Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
  • Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
  • Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
  • Refactored how cluster status dates are treated in the cluster. (#17015)
  • The log message about file rotation and signature from wazuh-monitord has been updated. (#21602)

Fixed

  • Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)

Agent

Added

  • Added snap package manager support to Syscollector. (#15740)
  • Added event size validation for the external integrations. (#17932)
  • Added new unit tests for the AWS integration. (#17623)
  • Added mapping geolocation for AWS WAF integration. (#20649)
  • Added a validation to reject unsupported regions when using the inspector service. (#21530)
  • Added additional information on some AWS integration errors. (#21561)

Changed

  • Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
  • The MS Graph integration module now supports multiple tenants. (#19064)
  • FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
  • The sub-process execution implementation has been improved. (#19720)
  • Refactored and modularized the AWS integration code. (#17623)
  • Replace the usage of fopen with wfopen to avoid processing invalid characters on Windows. (#21791)
  • Prevent the macOS agent from starting automatically after installation. (#21637)

Fixed

  • Fixed process path retrieval in Syscollector on Windows XP. (#16839)
  • Fixed detection of the OS version on Alpine Linux. (#16056)
  • Fixed Solaris 10 name not showing in the Dashboard. (#18642)
  • Fixed macOS Ventura compilation from sources. (#21932)

RESTful API

Added

  • Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
  • Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)

Fixed

  • Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)

Removed

  • Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)
  • Removed the compilation_date field from GET /cluster/{node_id}/info and GET /manager/info endpoints. (#21572)
  • Deprecated the cache configuration option. (#22387)

Ruleset

Added

  • Added new SCA policy for Amazon Linux 2023. (#17780)
  • Added new SCA policy for Rocky Linux 8. (#17784)
  • Added rules to detect IcedID attacks. (#19528)

Changed

  • SCA policy for Ubuntu Linux 18.04 rework. (#18721)
  • SCA policy for Ubuntu Linux 22.04 rework. (#17515)
  • SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
  • SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
  • SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
  • SCA policy for CentOS 7 rework. (#17624)
  • SCA policy for CentOS 8 rework. (#18439)
  • SCA policy for Debian 8 rework. (#18010)
  • SCA policy for Debian 10 rework. (#17922)
  • SCA policy for Amazon Linux 2 rework. (#18695)
  • SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
  • SCA policy for macOS 13.0 Ventura rework. (#19037)
  • SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
  • SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
  • Update MITRE DB to v13.1. (#17518)

Other

Added

  • Added external lua library dependency version 5.3.6. (#21710)
  • Added external PyJWT library dependency version 2.8.0. (#21749)

Changed

  • Upgraded external aiohttp library dependency version to 3.9.3. (#21856)
  • Upgraded external cryptography library dependency version to 42.0.4. (#22221)
  • Upgraded external numpy library dependency version to 1.26.0. (#20003)
  • Upgraded external grpcio library dependency version to 1.58.0. (#20003)
  • Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
  • Upgraded external urllib3 library dependency version to 1.26.18. (#20630)
  • Upgraded external SQLAlchemy library dependency version to 2.0.23. (#20741)
  • Upgraded external Jinja2 library dependency version to 3.1.3. (#21684)
  • Upgraded embedded Python version to 3.10.13. (#20003)
  • Upgraded external curl library dependency version to 8.5.0. (#21710)
  • Upgraded external pcre2 library dependency version to 10.42. (#21710)
  • Upgraded external libarchive library dependency version to 3.7.2. (#21710)
  • Upgraded external rpm library dependency version to 4.18.2. (#21710)
  • Upgraded external sqlite library dependency version to 3.45.0. (#21710)
  • Upgraded external zlib library dependency version to 1.3.1. (#21710)

Deleted

  • Removed external python-jose and ecdsa library dependencies. (#21749)

v4.7.3

3 weeks ago

Manager

Fixed

  • Resolved a transitive mutex locking issue in wazuh-db that was impacting performance. (#21997)
  • Wazuh DB internal SQL queries have been optimized by tuning database indexes to improve performance. (#21977)

v4.8.0-beta3

4 weeks ago

Manager

Added

  • Added new query "rollback" to wazuh-db. (#16058)
  • Transition to Wazuh Keystore for Indexer Configuration. (#21670)

Changed

  • Vulnerability Detection refactor. (#21201)
  • Improved wazuh-db detection of deleted database files. (#18476)
  • Added timeout and retry parameters to the VirusTotal integration. (#16893)
  • Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
  • Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
  • Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
  • Refactored how cluster status dates are treated in the cluster. (#17015)
  • The log message about file rotation and signature from wazuh-monitord has been updated. (#21602)

Fixed

  • Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)

Agent

Added

  • Added snap package manager support to Syscollector. (#15740)
  • Added event size validation for the external integrations. (#17932)
  • Added new unit tests for the AWS integration. (#17623)
  • Added mapping geolocation for AWS WAF integration. (#20649)
  • Added a validation to reject unsupported regions when using the inspector service. (#21530)
  • Added additional information on some AWS integration errors. (#21561)

Changed

  • Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
  • The MS Graph integration module now supports multiple tenants. (#19064)
  • FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
  • The sub-process execution implementation has been improved. (#19720)
  • Refactored and modularized the AWS integration code. (#17623)
  • Replace the usage of fopen with wfopen to avoid processing invalid characters on Windows. (#21791)
  • Prevent the macOS agent from starting automatically after installation. (#21637)

Fixed

  • Fixed process path retrieval in Syscollector on Windows XP. (#16839)
  • Fixed detection of the OS version on Alpine Linux. (#16056)
  • Fixed Solaris 10 name not showing in the Dashboard. (#18642)
  • Fixed macOS Ventura compilation from sources. (#21932)

RESTful API

Added

  • Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
  • Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)

Fixed

  • Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)

Removed

  • Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)
  • Removed the compilation_date field from GET /cluster/{node_id}/info and GET /manager/info endpoints. (#21572)

Ruleset

Added

  • Added new SCA policy for Amazon Linux 2023. (#17780)
  • Added new SCA policy for Rocky Linux 8. (#17784)
  • Added rules to detect IcedID attacks. (#19528)

Changed

  • SCA policy for Ubuntu Linux 18.04 rework. (#18721)
  • SCA policy for Ubuntu Linux 22.04 rework. (#17515)
  • SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
  • SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
  • SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
  • SCA policy for CentOS 7 rework. (#17624)
  • SCA policy for CentOS 8 rework. (#18439)
  • SCA policy for Debian 8 rework. (#18010)
  • SCA policy for Debian 10 rework. (#17922)
  • SCA policy for Amazon Linux 2 rework. (#18695)
  • SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
  • SCA policy for macOS 13.0 Ventura rework. (#19037)
  • SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
  • SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
  • Update MITRE DB to v13.1. (#17518)

Other

Added

  • Added external lua library dependency version 5.3.6. (#21710)

Changed

  • Upgraded external aiohttp library dependency version to 3.8.5. (#20003)
  • Upgraded external cryptography library dependency version to 41.0.7. (#21055)
  • Upgraded external numpy library dependency version to 1.26.0. (#20003)
  • Upgraded external grpcio library dependency version to 1.58.0. (#20003)
  • Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
  • Upgraded external urllib3 library dependency version to 1.26.18. (#20630)
  • Upgraded external SQLAlchemy library dependency version to 2.0.23. (#20741)
  • Upgraded external Jinja2 library dependency version to 3.1.3. (#21684)
  • Upgraded embedded Python version to 3.10.13. (#20003)
  • Upgraded external curl library dependency version to 8.5.0. (#21710)
  • Upgraded external pcre2 library dependency version to 10.42. (#21710)
  • Upgraded external libarchive library dependency version to 3.7.2. (#21710)
  • Upgraded external rpm library dependency version to 4.18.2. (#21710)
  • Upgraded external sqlite library dependency version to 3.45.0. (#21710)
  • Upgraded external zlib library dependency version to 1.3.1. (#21710)

v4.7.3-rc2

1 month ago

Manager

Fixed

  • Resolved a transitive mutex locking issue in wazuh-db that was impacting performance. (#21997)
  • Wazuh DB internal SQL queries have been optimized by tuning database indexes to improve performance. (#21977)

v4.8.0-beta2

1 month ago

Manager

Added

  • Added new query "rollback" to wazuh-db. (#16058)
  • Transition to Wazuh Keystore for Indexer Configuration. (#21670)

Changed

  • Vulnerability Detection refactor. (#21201)
  • Improved wazuh-db detection of deleted database files. (#18476)
  • Added timeout and retry parameters to the VirusTotal integration. (#16893)
  • Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
  • Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
  • Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
  • Refactored how cluster status dates are treated in the cluster. (#17015)
  • The log message about file rotation and signature from wazuh-monitord has been updated. (#21602)

Fixed

  • Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)

Agent

Added

  • Added snap package manager support to Syscollector. (#15740)
  • Added event size validation for the external integrations. (#17932)
  • Added new unit tests for the AWS integration. (#17623)
  • Added mapping geolocation for AWS WAF integration. (#20649)
  • Added a validation to reject unsupported regions when using the inspector service. (#21530)
  • Added additional information on some AWS integration errors. (#21561)

Changed

  • Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
  • The MS Graph integration module now supports multiple tenants. (#19064)
  • FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
  • The sub-process execution implementation has been improved. (#19720)
  • Refactored and modularized the AWS integration code. (#17623)
  • Replace the usage of fopen with wfopen to avoid processing invalid characters on Windows. (#21791)
  • Prevent the macOS agent from starting automatically after installation. (#21637)

Fixed

  • Fixed process path retrieval in Syscollector on Windows XP. (#16839)
  • Fixed detection of the OS version on Alpine Linux. (#16056)
  • Fixed Solaris 10 name not showing in the Dashboard. (#18642)
  • Fixed macOS Ventura compilation from sources. (#21932)

RESTful API

Added

  • Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
  • Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)

Fixed

  • Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)

Removed

  • Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)
  • Removed the compilation_date field from GET /cluster/{node_id}/info and GET /manager/info endpoints. (#21572)

Ruleset

Added

  • Added new SCA policy for Amazon Linux 2023. (#17780)
  • Added new SCA policy for Rocky Linux 8. (#17784)
  • Added rules to detect IcedID attacks. (#19528)

Changed

  • SCA policy for Ubuntu Linux 18.04 rework. (#18721)
  • SCA policy for Ubuntu Linux 22.04 rework. (#17515)
  • SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
  • SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
  • SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
  • SCA policy for CentOS 7 rework. (#17624)
  • SCA policy for CentOS 8 rework. (#18439)
  • SCA policy for Debian 8 rework. (#18010)
  • SCA policy for Debian 10 rework. (#17922)
  • SCA policy for Amazon Linux 2 rework. (#18695)
  • SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
  • SCA policy for macOS 13.0 Ventura rework. (#19037)
  • SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
  • SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
  • Update MITRE DB to v13.1. (#17518)

Other

Added

  • Added external lua library dependency version 5.3.6. (#21710)

Changed

  • Upgraded external aiohttp library dependency version to 3.8.5. (#20003)
  • Upgraded external cryptography library dependency version to 41.0.7. (#21055)
  • Upgraded external numpy library dependency version to 1.26.0. (#20003)
  • Upgraded external grpcio library dependency version to 1.58.0. (#20003)
  • Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
  • Upgraded external urllib3 library dependency version to 1.26.18. (#20630)
  • Upgraded external SQLAlchemy library dependency version to 2.0.23. (#20741)
  • Upgraded external Jinja2 library dependency version to 3.1.3. (#21684)
  • Upgraded embedded Python version to 3.10.13. (#20003)
  • Upgraded external curl library dependency version to 8.5.0. (#21710)
  • Upgraded external pcre2 library dependency version to 10.42. (#21710)
  • Upgraded external libarchive library dependency version to 3.7.2. (#21710)
  • Upgraded external rpm library dependency version to 4.18.2. (#21710)
  • Upgraded external sqlite library dependency version to 3.45.0. (#21710)
  • Upgraded external zlib library dependency version to 1.3.1. (#21710)

v4.7.3-rc1

1 month ago

Manager

Fixed

  • Resolved a transitive mutex locking issue in wazuh-db that was impacting performance. (#21997)
  • Wazuh DB internal SQL queries have been optimized by tuning database indexes to improve performance. (#21977)

v4.8.0-beta1

1 month ago

Manager

Added

  • Added new query "rollback" to wazuh-db. (#16058)

Changed

  • Vulnerability Detection refactor. (#21201)
  • Improved wazuh-db detection of deleted database files. (#18476)
  • Added timeout and retry parameters to the VirusTotal integration. (#16893)
  • Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
  • Replaced Filebeat's date index name processor. (#19819)
  • Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
  • Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
  • Refactored how cluster status dates are treated in the cluster. (#17015)

Fixed

  • Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)

Agent

Added

  • Added snap package manager support to Syscollector. (#15740)
  • Added event size validation for the external integrations. (#17932)
  • Added new unit tests for the AWS integration. (#17623)
  • Added mapping geolocation for AWS WAF integration. (#20649)

Changed

  • Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
  • The MS Graph integration module now supports multiple tenants. (#19064)
  • FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
  • The sub-process execution implementation has been improved. (#19720)
  • Refactored and modularized the AWS integration code. (#17623)

Fixed

  • Fixed process path retrieval in Syscollector on Windows XP. (#16839)
  • Fixed detection of the OS version on Alpine Linux. (#16056)
  • Fixed Solaris 10 name not showing in the Dashboard. (#18642)

RESTful API

Added

  • Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
  • Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)

Fixed

  • Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)

Removed

  • Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)

Ruleset

Added

  • Added new SCA policy for Amazon Linux 2023. (#17780)
  • Added new SCA policy for Rocky Linux 8. (#17784)
  • Added rules to detect IcedID attacks. (#19528)

Changed

  • SCA policy for Ubuntu Linux 18.04 rework. (#18721)
  • SCA policy for Ubuntu Linux 22.04 rework. (#17515)
  • SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
  • SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
  • SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
  • SCA policy for CentOS 7 rework. (#17624)
  • SCA policy for CentOS 8 rework. (#18439)
  • SCA policy for Debian 8 rework. (#18010)
  • SCA policy for Debian 10 rework. (#17922)
  • SCA policy for Amazon Linux 2 rework. (#18695)
  • SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
  • SCA policy for macOS 13.0 Ventura rework. (#19037)
  • SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
  • SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
  • Update MITRE DB to v13.1. (#17518)

Other

Changed

  • Upgraded external aiohttp library dependency version to 3.8.5. (#20003)
  • Upgraded external cryptography library dependency version to 41.0.4. (#20003)
  • Upgraded external numpy library dependency version to 1.26.0. (#20003)
  • Upgraded external grpcio library dependency version to 1.58.0. (#20003)
  • Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
  • Upgraded embedded Python version to 3.10.13. (#20003)

v4.7.2

2 months ago

Manager

Added

  • Added minimum time constraint of 1 hour for Vulnerability Detector feed downloads. (#21142)

Fixed

  • wazuh-remoted now includes the offending bytes in the warning about invalid message size from agents. (#21011)
  • Fixed a bug in the Windows Eventchannel decoder on handling Unicode characters. (#20658)
  • Fixed data validation at Windows Eventchannel decoder. (#20735)

Agent

Added

  • Added timeouts to external and Cloud integrations to prevent indefinite waiting for a response. (#20638)

Fixed

  • The host_deny Active response now checks the IP parameter format. (#20656)
  • Fixed a bug in the Windows agent that might lead it to crash when gathering forwarded Windows events. (#20594)
  • The AWS integration now finds AWS configuration profiles that do not contain the profile prefix. (#20447)
  • Fixed parsing for regions argument of the AWS integration. (#20660)

Ruleset

Added

  • Added new SCA policy for Debian 12. (#17565)

Fixed

  • Fixed AWS Macie fields used in some rules and removed unused AWS Macie Classic rules. (#20663)

Other

Changed

  • Upgraded external aiohttp library dependency version to 3.9.1. (#20798)
  • Upgraded pip dependency version to 23.3.2. (#20632)

v4.8.0-alpha2

2 months ago

Manager

Added

  • Added new query "rollback" to wazuh-db. (#16058)

Changed

  • Vulnerability Detection refactor. (#21201)
  • Improved wazuh-db detection of deleted database files. (#18476)
  • Added timeout and retry parameters to the VirusTotal integration. (#16893)
  • Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
  • Replaced Filebeat's date index name processor. (#19819)
  • Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
  • Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
  • Refactored how cluster status dates are treated in the cluster. (#17015)

Fixed

  • Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)

Agent

Added

  • Added snap package manager support to Syscollector. (#15740)
  • Added event size validation for the external integrations. (#17932)
  • Added new unit tests for the AWS integration. (#17623)
  • Added mapping geolocation for AWS WAF integration. (#20649)

Changed

  • Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
  • The MS Graph integration module now supports multiple tenants. (#19064)
  • FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
  • The sub-process execution implementation has been improved. (#19720)
  • Refactored and modularized the AWS integration code. (#17623)

Fixed

  • Fixed process path retrieval in Syscollector on Windows XP. (#16839)
  • Fixed detection of the OS version on Alpine Linux. (#16056)
  • Fixed Solaris 10 name not showing in the Dashboard. (#18642)

RESTful API

Added

  • Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
  • Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)

Fixed

  • Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)

Removed

  • Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)

Ruleset

Added

  • Added new SCA policy for Amazon Linux 2023. (#17780)
  • Added new SCA policy for Rocky Linux 8. (#17784)
  • Added rules to detect IcedID attacks. (#19528)

Changed

  • SCA policy for Ubuntu Linux 18.04 rework. (#18721)
  • SCA policy for Ubuntu Linux 22.04 rework. (#17515)
  • SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
  • SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
  • SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
  • SCA policy for CentOS 7 rework. (#17624)
  • SCA policy for CentOS 8 rework. (#18439)
  • SCA policy for Debian 8 rework. (#18010)
  • SCA policy for Debian 10 rework. (#17922)
  • SCA policy for Amazon Linux 2 rework. (#18695)
  • SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
  • SCA policy for macOS 13.0 Ventura rework. (#19037)
  • SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
  • SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
  • Update MITRE DB to v13.1. (#17518)

Other

Changed

  • Upgraded external aiohttp library dependency version to 3.8.5. (#20003)
  • Upgraded external cryptography library dependency version to 41.0.4. (#20003)
  • Upgraded external numpy library dependency version to 1.26.0. (#20003)
  • Upgraded external grpcio library dependency version to 1.58.0. (#20003)
  • Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
  • Upgraded embedded Python version to 3.10.13. (#20003)

v4.7.2-rc1

3 months ago

Manager

Fixed

  • wazuh-remoted now includes the offending bytes in the warning about invalid message size from agents. (#21011)
  • Fixed a bug in the Windows Eventchannel decoder on handling Unicode characters. (#20658)
  • Fixed data validation at Windows Eventchannel decoder. (#20735)

Agent

Added

  • Added timeouts to external and Cloud integrations to prevent indefinite waiting for a response. (#20638)

Fixed

  • The host_deny Active response now checks the IP parameter format. (#20656)
  • Fixed a bug in the Windows agent that might lead it to crash when gathering forwarded Windows events. (#20594)
  • The AWS integration now finds AWS configuration profiles that do not contain the profile prefix. (#20447)
  • Fixed parsing for regions argument of the AWS integration. (#20660)

Ruleset

Added

  • Added new SCA policy for Debian 12. (#17565)

Fixed

  • Fixed AWS Macie fields used in some rules and removed unused AWS Macie Classic rules. (#20663)

Other

Changed

  • Upgraded external aiohttp library dependency version to 3.9.1. (#20798)
  • Upgraded pip dependency version to 23.3.2. (#20632)