wazuh v4.1.1 releases: Host and endpoint security

Wazuh

Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities:

• Log management and analysis: Wazuh agents read the operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
• File integrity monitoring: Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on.
• Intrusion and anomaly detection: Agents scan the system looking for malware, rootkits or suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.
• Policy and compliance monitoring: Wazuh monitors configuration files to ensure they are compliant with your security policies, standards or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.

This diverse set of capabilities is provided by integrating OSSEC, OpenSCAP and Elastic Stack, making them work together as a unified solution, and simplifying their configuration and management.

It provides an updated log analysis ruleset and a RESTful API that allows you to monitor the status and configuration of all Wazuh agents.

It also includes a rich web application (fully integrated as a Kibana app), for mining log analysis alerts and for monitoring and managing your Wazuh infrastructure.

Changelog v4.1.1

Added

• External dependencies:
  • Added cython (0.29.21) library to Python dependencies. (#7451)
  • Added xmltodict (0.12.0) library to Python dependencies. (#7303)
• API:
  • Added new endpoints to manage rules files. (#7178)
  • Added new endpoints to manage CDB lists files. (#7180)
  • Added new endpoints to manage decoder files. (#7179)
  • Added new manager and cluster endpoints to update Wazuh configuration (ossec.conf). (#7181)

Changed

• External dependencies:
  • Upgraded Python version from 3.8.2 to 3.8.6. (#7451)
  • Upgraded Cryptography python library from 3.2.1 to 3.3.2. (#7451)
  • Upgraded cffi python library from 1.14.0 to 1.14.4. (#7451)
• API:
  • Added raw parameter to GET /manager/configuration and GET cluster/{node_id}/configuration to load ossec.conf in xml format. (#7565)

Fixed

• API:
  • Fixed an error with the RBAC permissions in the GET /groups endpoint. (#7328)
  • Fixed a bug with Windows registries when parsing backslashes. (#7309)
  • Fixed an error with the RBAC permissions when assigning multiple agent:group resources to a policy. (#7393)
  • Fixed an error with search parameter when using special characters. (#7301)
• AWS Module:
  • Fixed a bug that caused an error when attempting to use an IAM Role with CloudWatchLogs service. (#7330)
• Framework:
  • Fixed a race condition bug when using RBAC expand_group function. (#7353)
• Core:
  • Fixed a bug in Windows agent that did not honor the buffer’s EPS limit. (#7333)
  • Fixed a bug in Integratord that might lose alerts from Analysisd due to a race condition. (#7338)
  • Silence the error message when the Syslog forwarder reads an alert with no rule object. (#7539)
  • Fixed a memory leak in Vulnerability Detector when updating NVD feeds. (#7559)

Removed

• API:
  • Deprecated /manager/files and /cluster/{node_id}/files endpoints. (#7209)

Download && Use

Portions Copyright (C) 2017 Wazuh, Inc.
Based on work Copyright (C) 2003 – 2013 Trend Micro, Inc.