wazuh v3.9.1 releases: Host and endpoint security


Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level. This solution, based on lightweight multi-platform agents, provides the following capabilities:

  • Log management and analysis: Wazuh agents read operating system and application logs, and securely forward them to a central manager for rule-based analysis and storage.
  • File integrity monitoring: Wazuh monitors the file system, identifying changes in content, permissions, ownership, and attributes of files that you need to keep an eye on.
  • Intrusion and anomaly detection: Agents scan the system looking for malware, rootkits or suspicious anomalies. They can detect hidden files, cloaked processes or unregistered network listeners, as well as inconsistencies in system call responses.
  • Policy and compliance monitoring: Wazuh monitors configuration files to ensure they are compliant with your security policies, standards or hardening guides. Agents perform periodic scans to detect applications that are known to be vulnerable, unpatched, or insecurely configured.

This diverse set of capabilities is provided by integrating OSSEC, OpenSCAP and Elastic Stack, making them work together as a unified solution, and simplifying their configuration and management.

It provides an updated log analysis ruleset and a RESTful API that allows you to monitor the status and configuration of all Wazuh agents.

It also includes a rich web application (fully integrated as a Kibana app), for mining log analysis alerts and for monitoring and managing your Wazuh infrastructure.

Changelog v3.9.1


  • Added directory existence checking for SCA rules. (#3246)
  • Added line number to error messages when parsing YAML files. (#3325)
  • Enhanced wildcard support for Windows Logcollector. (#3236)


  • Changed the extraction point of the package name in the Vulnerability Detector OVALs. (#3245)


  • Fixed SCA request interval option limit. (#3254)
  • Fixed SCA directory checking. (#3235)
  • Fixed potential out of bounds memory access. (#3285)
  • Fixed CIS-CAT XML report parser. (#3261)
  • Fixed .ssh folder permissions for Agentless. (#2660)
  • Fixed repeated fields in SCA summary events. (#3278)
  • Fixed command output treatment for the SCA module. (#3297)
  • Fixed agent_upgrade tool to set the manager version as the default one. (#2721)
  • Fixed execd crash when timeout list is not initialized. (#3316)
  • Fixed support for reading large files on Windows Logcollector. (#3248)
  • Fixed the manager restarting process via API on Docker. (#3273)
  • Fixed the agent_info files synchronization between cluster nodes. (#3272)


  • Removed 5-second reading timeout for File Integrity Monitoring scan. (#3366)

Download && Use

Portions Copyright (C) 2017 Wazuh, Inc.
Based on work Copyright (C) 2003 – 2013 Trend Micro, Inc.