Wazuh v3.5.0 Release Notes
Release Date: 2018-08-10
Added
- Improved configuration of OVAL updates. (#416)
- Added selective agent software request in vulnerability-detector. (#404)
- Get Linux packages inventory natively. (#441)
- Get Windows packages inventory natively. (#471)
- Supporting AES encryption for manager and agent. (#448)
- Added Debian and Ubuntu 18 support in vulnerability-detector. (#470)
- Added Rids Synchronization. (#459)
- Added option for setting the group that the agent belongs to when registering it with authd. (#460)
- Added option for setting the source IP when the agent registers with authd. (#460)
- Added option to force the vulnerability detection in unsupported OS. (#462)
- Get network inventory natively. (#546)
- Add arch check for Red Hat's OVAL in vulnerability-detector. (#625)
- Integration with Osquery. (#627)
- Enrich osquery configuration with pack files aggregation and agent labels as decorators.
- Launch osquery daemon in background.
- Monitor results file and send them to the manager.
- New option in rules `<location>` to filter events by osquery.
- Support folders in shared configuration. This makes it easy to send pack folders to agents.
- Basic ruleset for osquery events and daemon logs.
- Boost Remoted performance with multithreading. (#649)
- Up to 16 parallel threads to decrypt messages from agents.
- Limit the frequency of agent keys reloading.
- Message input buffer in Analysisd to prevent control messages starvation in Remoted.
- Module to download shared files for agent groups dynamically. (#519)
- Added group creation for files.yml if the group does not exist. (#1010)
- Added scheduling options to CIS-CAT integration. (#586)
- Option to download the wpk using http in `agent_upgrade`. (#798)
- Add `172.0.0.1` as manager IP when creating `global.db`. (#970)
- New requests for Syscollector. (#728)
- `cluster_control` shows an error if the status does not exist. (#1002)
- Get Windows hardware inventory natively. (#831)
- Get processes and ports inventory by the Syscollector module.
- Added an integration with Kaspersky Endpoint Security for Linux via Active Response. (#1056)
Changed
- Add default value for option -x in agent_control tool.
- External libraries moved to an external repository.
- Ignore OverlayFS directories on Rootcheck system scan.
- Extracts agent's OS from the database instead of the agent-info.
- Increases the maximum size of XML parser to 20KB.
- Extract CVE instead of RHSA codes into vulnerability-detector. (#549)
- Store CIS-CAT results into Wazuh DB. (#568)
- Add profile information to CIS-CAT reports. (#658)
- Merge external libraries into a unique shared library. (#620)
- Cluster log rotation: set correct permissions and store rotations in /logs/ossec. (#667)
- `Distinct` requests don't allow `limit=0` or `limit>maximun_limit`. (#1007)
- Deprecated arguments -i, -F and -r for Authd. (#1013)
- Increase the internal memory for real-time from 12 KiB to 64 KiB. (#1062)
Fixed
- Fixed invalid alerts reported by Syscollector when the event contains the word "error". (#461)
- Silenced Vuls integration starting and ending alerts. (#541)
- Fix problem comparing releases of ubuntu packages. (#556)
- Windows delete pending active-responses before reset agent. (#563)
- Fix bug in Rootcheck for Windows that searches for keys in 32-bit mode only. (#566)
- Alert when unmerge files fails on agent. (#731)
- Fixed bugs reading logs in framework. (#856)
- Ignore case when sorting an array in framework. (#814)
- Cluster: reject connection if the client node has a different cluster name. (#892)
- Prevent `the JSON object must be str, not 'bytes'` error. (#997)
- Fix long sleep times in vulnerability detector.
- Fix inconsistency in the alerts format for the manager in vulnerability-detector.
- Fix bug when processing the packages in vulnerability-detector.
- Prevent the JSON decoder from processing Syscollector events. (#674)
- Stop Syscollector data storage into Wazuh DB when an error appears. (#674)
- Fix bug in Syscheck that reported false positive about removed files. (#1044)
- Fix bug in Syscheck that misinterpreted no_diff option. (#1046)
- Fixes in file integrity monitoring for Windows. (#1062)
- Fix Windows agent crash if FIM fails to extract the file owner.
- Prevent FIM real-time mode on Windows from stopping if the internal buffer gets overflowed.
- Prevent large logs from flooding the log file by Logcollector. (#1067)
- Fix allowing more than one wodle command and compute command timeout when ignore_output is enabled. (#1102)
Removed