wazuh v4.5.1 releases: Host and endpoint security
Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities:
- Log management and analysis: Wazuh agents read the operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
- File integrity monitoring: Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on.
- Intrusion and anomaly detection: Agents scan the system looking for malware, rootkits or suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.
- Policy and compliance monitoring: Wazuh monitors configuration files to ensure they are compliant with your security policies, standards or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.
This diverse set of capabilities is provided by integrating OSSEC, OpenSCAP and Elastic Stack, making them work together as a unified solution, and simplifying their configuration and management.
It provides an updated log analysis ruleset and a RESTful API that allows you to monitor the status and configuration of all Wazuh agents.
It also includes a rich web application (fully integrated as a Kibana app), for mining log analysis alerts and for monitoring and managing your Wazuh infrastructure.
- Vulnerability Detector now fetches the RHEL 5 feed URL from feed.wazuh.com by default. (#18142)
- The Vulnerability Detector CPE helper has been updated. (#16846)
- Fixed a race condition in some RBAC unit tests by clearing the SQLAlchemy mappers. (#17866)
- Fixed a bug in wazuh-analysisd that could exceed the maximum number of fields when loading a rule. (#17490)
- Fixed a race condition in wazuh-analysisd FTS list. (#17126)
- Fixed a crash in Analysisd when parsing an invalid decoder. (#17143)
- Fixed a segmentation fault in wazuh-modulesd due to duplicate Vulnerability Detector configuration. (#17701)
- Fixed Vulnerability Detector configuration for unsupported SUSE systems. (#16978)
- Added the discard_regex functionality to Inspector and CloudWatchLogs AWS integrations. (#17748)
- Added new validations for the AWS integration arguments. (#17673)
- Added native agent support for Apple silicon. (#2224)
- The agent for Windows now loads its shared libraries after running the verification. (#16607)
- Fixed InvalidRange error in Azure Storage integration when trying to get data from an empty blob. (#17524)
- Fixed a memory corruption hazard in the FIM Windows Registry scan. (#17586)
- Fixed an error in Syscollector reading the CPU frequency on Apple M1. (#17179)
- Fixed agent WPK upgrade for Windows that might leave the previous version in the Registry. (#16659)
- Fixed agent WPK upgrade for Windows to get the correct path of the Windows folder. (#17176)
PUT /agents/upgrade_custom endpoint to validate that the file extension is
- Fixed errors in API endpoints to get reports active configuration from managers. (#17660)
- The SCA policy for Ubuntu Linux 20.04 (CIS v2.0.0) has been remade. (#17794)
- Fixed CredSSP encryption enforcement at Windows Benchmarks for SCA. (#17941)
- Fixed an inverse logic in MS Windows Server 2022 Benchmark for SCA. (#17940)
- Fixed a false positive in Windows Eventchannel rule due to substring false positive. (#17779)
- Fixed missing whitespaces in SCA policies for Windows. (#17813)
- Fixed the description of a Fortigate rule. (#17798)
- Removed check 1.1.5 from Windows 10 SCA policy. (#17812)
- The CURL library has been updated to v7.88.1. (#16990)
Portions Copyright (C) 2017 Wazuh, Inc.
Based on work Copyright (C) 2003 – 2013 Trend Micro, Inc.