Wazuh v3.6.0 Release Notes

Release Date: 2018-08-29
    Added

    • Add rescanning of expanded files with wildcards in logcollector (#332)
    • Parallelization of logcollector (#627)
      • Now the input of logcollector is multithreaded, reading logs in parallel.
      • A thread is created for each type of output socket.
      • Periodic rescan of new files.
      • New options have been added to internal_options.conf file.
    • Added statistical functions to remoted. (#682)
    • Rootcheck and Syscheck (FIM) will run independently. (#991)
    • Add hash validation for binaries executed by the wodle command. (#1027)
    • Added a recursion level option to Syscheck to set the directory scanning depth. (#1081)
    • Added inactive agent filtering option to agent_control, syscheck_control and rootcheck_control tools. (#1088)
    • Added custom tags to FIM directories and registries. (#1096)
    • Improved AWS CloudTrail wodle by @UranusBytes (#913 & #1105).
    • Added support to process logs from more AWS services: GuardDuty, IAM, Inspector, Macie and VPC. (#1131).
    • Create script for blocking IPs using netsh-advfirewall. (#1172).

    Changed

    • The maximum log length has been extended up to 64 KiB. (#411)
    • Changed logcollector analysis message order. (#675)
    • Let hostname field be the name of the agent, without the location part. (#1080)
    • The internal option syscheck.max_depth has been renamed to syscheck.default_max_depth. (#1081)
    • Show warning message when configuring vulnerability-detector for an agent. (#1130)
    • Increase the minimum waiting time from 0 to 1 second in Vulnerability-Detector. (#1132)
    • Prevent Windows agent from not loading the configuration if an AWS module block is found. (#1143)
    • Set the timeout to consider an agent disconnected to 1800 seconds in the framework. (#1155)

    Fixed

    • Fix agent ID zero-padding in alerts coming from Vulnerability Detector. (#1083)
    • Fix multiple warnings when agent is offline. (#1086)
    • Fixed minor issues in the Makefile and the sources installer on HP-UX, Solaris on SPARC and AIX systems. (#1089)
    • Fixed SHA256 changes messages in alerts when it is disabled. (#1100)
    • Fixed empty configuration blocks for Wazuh modules. (#1101)
    • Fix broken pipe error in Wazuh DB by Vulnerability Detector. (#1111)
    • Restored firewall-drop AR script for Linux. (#1114)
    • Fix unknown severity in Red Hat systems. (#1118)
    • Added a building flag to compile the SQLite library externally for the API. (#1119)
    • Fixed variables length when storing RAM information by Syscollector. (#1124)
    • Fix Red Hat vulnerability database update. (#1127)
    • Fix allowing more than one wodle command. (#1128)
    • Fixed after_regex offset for the decoding algorithm. (#1129)
    • Prevents some vulnerabilities from not being checked for Debian. (#1166)
    • Fixed legacy configuration for vulnerability-detector. (#1174)
    • Fix active-response scripts installation for Windows. (#1182).
    • Fixed open-scap deadlock when opening large files. (#1206). Thanks to @juergenc for detecting this issue.

    Removed

    • The 'T' multiplier has been removed from option max_output_size. (#1089)