wazuh v4.4 RC3 releases: Host and endpoint security
Wazuh
Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities:
- Log management and analysis: Wazuh agents read the operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
- File integrity monitoring: Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on.
- Intrusion and anomaly detection: Agents scan the system looking for malware, rootkits or suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.
- Policy and compliance monitoring: Wazuh monitors configuration files to ensure they are compliant with your security policies, standards or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.
This diverse set of capabilities is provided by integrating OSSEC, OpenSCAP and Elastic Stack, making them work together as a unified solution, and simplifying their configuration and management.
It provides an updated log analysis ruleset and a RESTful API that allows you to monitor the status and configuration of all Wazuh agents.
It also includes a rich web application (fully integrated as a Kibana app), for mining log analysis alerts and for monitoring and managing your Wazuh infrastructure.
Changelog v4.4
Manager
Added
- Added new unit tests for cluster python module and increased coverage to 99%. (#9995)
- Added file size limitation on cluster integrity sync. (#11190)
- Added unit tests for CLIs script files. (#13424)
- Added support for SUSE in Vulnerability Detector. (#9962)
- Added a software limit to limit the number of EPS that a manager can process. (#13608)
- Added a new wazuh-clusterd task for agent-groups info synchronization. (#11753)
- Added unit tests for functions in charge of getting ruleset sync status. (#14950)
Changed
- wazuh-logtest now shows warnings about ruleset issues. (#10822)
- Modulesd memory is now managed by jemalloc, which helps reduce memory fragmentation. (#12206)
- The manager now refuses multiple connections from the same agent. (#11702)
- Updated the Vulnerability Detector configuration reporting to include MSU and skip JSON Red Hat feed. (#12117)
- Improved the shared configuration file handling performance. (#12352)
- The agent group data is now natively handled by Wazuh DB. (#11753)
- Improved security at cluster zip filenames creation. (#10710)
- Refactor of the core/common.py module. (#12390)
- Refactored the format_data_into_dictionary method of the WazuhDBQuerySyscheck class. (#12497)
- Limit the maximum zip size that can be created while synchronizing cluster Integrity. (#11124)
- Refactored the functions in charge of synchronizing files in the cluster. (#13065)
- Changed MD5 hash function to BLAKE2 for cluster file comparison. (#13079)
- Renamed wazuh-logtest and wazuh-clusterd scripts to follow the same scheme as the other scripts (spaces symbolized with _ instead of -). (#12926)
- The agent key polling module has been ported to wazuh-authd. (#10865)
- Added the update field in the CPE Helper for Vulnerability Detector. (#13741)
- Prevented agents with the same ID from connecting to the manager simultaneously. (#11702)
- wazuh-analysisd, wazuh-remoted and wazuh-db metrics have been extended. (#13713)
- Minimized and optimized wazuh-clusterd number of messages from workers to master related to agent-info and agent-groups tasks. (#11753)
- Improved performance of the agent_groups CLI when listing agents belonging to a group. (#14244)
- Changed wazuh-clusterd binary behaviour to kill any existing cluster processes when executed. (#14475)
- Changed wazuh-clusterd tasks to wait asynchronously for responses coming from wazuh-db. (#14791)
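The file integrity monitoring capability described in the introduction (content, permissions, ownership and attribute changes) and the changelog entry that replaces MD5 with BLAKE2 for cluster file comparison both rest on the same mechanism: hash each file, record its metadata, and diff two snapshots. The script below is an added illustration written for this page; it is not Wazuh's own syscheck or cluster code. It assumes a POSIX filesystem (uid/gid and mode bits from os.lstat) and uses hashlib.blake2b with a 32-byte digest; the sample directory, file names and contents in demo() are constructed for the example.

```python
"""Baseline-and-compare file integrity check using BLAKE2 (added example, not Wazuh code)."""
import hashlib
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Tuple

TRACKED_FIELDS = ("digest", "mode", "uid", "gid", "size")


@dataclass(frozen=True)
class FileState:
    digest: str  # BLAKE2b-256 hex digest of the file content
    mode: int    # permission bits only (S_IMODE), not the file type bits
    uid: int
    gid: int
    size: int


def blake2b_file(path: str, chunk_size: int = 1 << 16) -> str:
    """Stream the file through BLAKE2b so large files do not need to fit in memory."""
    h = hashlib.blake2b(digest_size=32)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: str) -> Dict[str, FileState]:
    """Record digest and metadata for every regular file under root, keyed by relative path."""
    states: Dict[str, FileState] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks into untracked locations
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(path, root)
            states[rel] = FileState(
                digest=blake2b_file(path),
                mode=stat.S_IMODE(st.st_mode),
                uid=st.st_uid,
                gid=st.st_gid,
                size=st.st_size,
            )
    return states


def compare(baseline: Dict[str, FileState],
            current: Dict[str, FileState]) -> List[Tuple[str, str, List[str]]]:
    """Return (path, event, changed_fields) for every added, deleted or modified file."""
    events = []
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None:
            events.append((rel, "added", []))
        elif new is None:
            events.append((rel, "deleted", []))
        elif old != new:
            changed = [f for f in TRACKED_FIELDS if getattr(old, f) != getattr(new, f)]
            events.append((rel, "modified", changed))
    return events


def demo() -> List[Tuple[str, str, List[str]]]:
    """Build a constructed sample tree, take a baseline, tamper with it, and report the diff."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.mkdir(etc)
        sshd = os.path.join(etc, "sshd_config")
        hosts = os.path.join(etc, "hosts")
        with open(sshd, "w") as f:
            f.write("Port 22\n")
        with open(hosts, "w") as f:
            f.write("127.0.0.1 localhost\n")
        os.chmod(hosts, 0o644)  # pin the mode so the later chmod is a visible change
        baseline = snapshot(root)

        # Simulated changes: content edit of equal size, permission loosening, new file.
        with open(sshd, "w") as f:
            f.write("Port 23\n")
        os.chmod(hosts, 0o666)
        with open(os.path.join(etc, "shadow.bak"), "w") as f:
            f.write("x")
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for path, event, fields in demo():
        print(f"{event:<9} {path} {fields}")
```

Note that the content edit keeps the file size identical, so only the digest field flags it; a size-only or mtime-only check would miss that case, which is why the content hash is the field that matters for integrity rather than the stat metadata alone.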
Fixed
- Fixed wazuh-dbd halt procedure. (#10873)
- Fixed compilation warnings in the manager. (#12098)
- Fixed a bug in the manager that did not send shared folders correctly to agents belonging to multiple groups. (#12516)
- Fixed the Active Response decoders to restore support for the top entries for source IP in reports. (#12834)
- Fixed the feed update interval option of Vulnerability Detector for the JSON Red Hat feed. (#13338)
- Fixed several code flaws in the python framework. (#12127)
- Fixed framework datetime transformations to UTC. (#10782)
- Fixed a cluster error where Master-Worker tasks were not properly stopped after an exception occurred in one or both parts. (#11866)
- Fixed cluster logger issue printing ‘NoneType: None’ in error logs. (#12831)
- Fixed unhandled cluster error when reading a malformed configuration. (#13419)
- Fixed framework unit test failures when they are run by the root user. (#13368)
- Fixed a memory leak in analysisd when parsing a disabled Active Response. (#13405)
- Fixed Syscollector delta message handling. (#13590)
- Prevented wazuh-db from deleting queue/diff when cleaning databases. (#13892)
- Fixed multiple data race conditions in Remoted reported by ThreadSanitizer. (#14981)
- Fixed aarch64 OS collection in Remoted to allow WPK upgrades. (#15151)
- Fixed a race condition in Remoted that was blocking agent connections. (#15165)
- Fixed the VirusTotal integration to support non-UTF-8 characters. (#13531)
- Fixed a bug masking as Timeout any error that might occur while waiting to receive files in the cluster. (#14922)
Removed
- Removed the unused internal option wazuh_db.sock_queue_size. (#12409)
- Removed all the unused exceptions from the exceptions.py file. (#10940)
- Removed unused execute method from core/utils.py. (#10740)
- Removed unused set_user_name function in the framework. (#13119)
- Unused internal calls to wazuh-db have been deprecated. (#12370)
- Debian Stretch support in Vulnerability Detector has been deprecated. (#14542)
Agent
Added
- Added support of CPU frequency data provided by Syscollector on Raspberry Pi. (#11756)
- Added support for IPv6 address collection in the agent. (#11450)
- Added the process startup time data provided by Syscollector on macOS. (#11833)
- Added support for package retrieval in Syscollector for OpenSUSE Tumbleweed and Fedora 34. (#11571)
- Added the process startup time data provided by Syscollector on macOS. Thanks to @LubinLew. (#11640)
- Added support for package data provided by Syscollector on Solaris. (#11796)
- Added support for delta events in Syscollector when data gets changed. (#10843)
- Added support for pre-installed Windows packages in Syscollector. (#12035)
- Added support for IPv6 on agent-manager connection and enrollment. (#11268)
- Added support for CIS-CAT Pro v3 and v4 to the CIS-CAT integration module. Thanks to @hustliyilin. (#12582)
- Added support for the use of the Azure integration module in Linux agents. (#10870)
- Added new error messages when using invalid credentials with the Azure integration. (#11852)
- Added reparse option to CloudWatchLogs and Google Cloud Storage integrations. (#12515)
- Wazuh Agent can now be built and run on Alpine Linux. (#14726)
- Added native Shuffle integration. (#15054)
Changed
- Improved the free RAM data provided by Syscollector. (#11587)
- The Windows installer (MSI) now provides signed DLL files. (#12752)
- Changed the group ownership of the Modulesd process to root. (#12748)
- Some parts of Agentd and Execd have been refactored. (#12750)
- Handled new exception in the external integration modules. (#10478)
- Optimized the number of calls to DB maintenance tasks performed by the…
Portions Copyright (C) 2017 Wazuh, Inc.
Based on work Copyright (C) 2003 – 2013 Trend Micro, Inc.