Wazuh v3.6.0 Release Notes
Release Date: 2018-08-29
➕ Added
- ➕ Add rescanning of expanded files with wildcards in logcollector (#332)
- Parallelization of logcollector (#627)
  - Now the input of logcollector is multithreaded, reading logs in parallel.
  - A thread is created for each type of output socket.
  - Periodic rescan of new files.
  - New options have been added to the internal_options.conf file.
- ➕ Added statistical functions to remoted. (#682)
- Rootcheck and Syscheck (FIM) will run independently. (#991)
- ➕ Add hash validation for binaries executed by the wodle command. (#1027)
- ➕ Added a recursion level option to Syscheck to set the directory scanning depth. (#1081)
- Added inactive agent filtering option to agent_control, syscheck_control and rootcheck_control tools. (#1088)
- ➕ Added custom tags to FIM directories and registries. (#1096)
- 👌 Improved AWS CloudTrail wodle by @UranusBytes (#913 & #1105).
- ➕ Added support to process logs from more AWS services: Guard Duty, IAM, Inspector, Macie and VPC. (#1131).
- Create script for blocking IPs using netsh-advfirewall. (#1172).
🔄 Changed
- 🌲 The maximum log length has been extended up to 64 KiB. (#411)
- 🔄 Changed logcollector analysis message order. (#675)
- Let hostname field be the name of the agent, without the location part. (#1080)
- 0️⃣ The internal option syscheck.max_depth has been renamed to syscheck.default_max_depth. (#1081)
- 🔧 Show warning message when configuring vulnerability-detector for an agent. (#1130)
- Increase the minimum waiting time from 0 to 1 seconds in Vulnerability-Detector. (#1132)
- 🏁 Prevent Windows agent from not loading the configuration if an AWS module block is found. (#1143)
- ⏱ Set the timeout to consider an agent disconnected to 1800 seconds in the framework. (#1155)
🛠 Fixed
- 🛠 Fix agent ID zero-padding in alerts coming from Vulnerability Detector. (#1083)
- 🛠 Fix multiple warnings when agent is offline. (#1086)
- 🛠 Fixed minor issues in the Makefile and the sources installer on HP-UX, Solaris on SPARC and AIX systems. (#1089)
- 🛠 Fixed SHA256 changes messages in alerts when it is disabled. (#1100)
- 🛠 Fixed empty configuration blocks for Wazuh modules. (#1101)
- 🛠 Fix broken pipe error in Wazuh DB by Vulnerability Detector. (#1111)
- 🐧 Restored firewall-drop AR script for Linux. (#1114)
- 🛠 Fix unknown severity in Red Hat systems. (#1118)
- ➕ Added a building flag to compile the SQLite library externally for the API. (#1119)
- 🛠 Fixed variables length when storing RAM information by Syscollector. (#1124)
- 🛠 Fix Red Hat vulnerability database update. (#1127)
- 🛠 Fix allowing more than one wodle command. (#1128)
- 🛠 Fixed after_regex offset for the decoding algorithm. (#1129)
- Prevents some vulnerabilities from not being checked for Debian. (#1166)
- 🛠 Fixed legacy configuration for vulnerability-detector. (#1174)
- 🛠 Fix active-response scripts installation for Windows. (#1182).
- 🛠 Fixed open-scap deadlock when opening large files. (#1206). Thanks to @juergenc for detecting this issue.
✂ Removed
- The 'T' multiplier has been removed from option max_output_size. (#1089)