We are excited to announce the release of Wazuh 4.10.0. This release introduces integration with Microsoft Intune, enhanced logging for cloud integration modules, and debug symbol generation for macOS, Linux, and Windows. It includes a new vulnerability evaluation status field and major updates to SCA policies for improved security compliance on monitored endpoints. We also refined the Wazuh dashboard by enhancing some page structures and adding a dedicated agent management section to improve the user experience.
Key highlights
Wazuh integration with Microsoft Intune
Microsoft Intune is a solution for managing various devices, including virtual machines, physical computers, mobile devices, and IoT devices. Wazuh 4.10.0 introduces integration with Microsoft Intune, enabling users to collect and process relevant security data from all managed devices. This integration enhances visibility into all managed endpoint activities, strengthening security monitoring by generating actionable alerts. It helps organizations ensure device administration while maintaining compliance with security policies.
This integration builds on the existing Microsoft Graph API integration, utilizing its framework to interact with Microsoft Intune. It operates synchronously, fetching managed endpoint logs at scheduled intervals, and it can be configured on both the Wazuh agent and the Wazuh manager. Additionally, we added new rules and decoders to enhance detection capabilities and enable efficient alert generation.
Standardized logging for Wazuh cloud security
Troubleshooting issues relating to integrations with cloud platforms such as AWS, Microsoft Azure, and GCP is now more efficient with improved logging. Logs for these integrations now follow a standardized format, ensuring consistency and simplifying log management. This cloud logger allows users to customize output levels, controlling the type and detail of information displayed by the integration module. Additionally, invalid argument errors trigger informative help messages, simplifying troubleshooting.
Debug symbols for macOS, Linux, and Windows
Debug symbols are now included in the compiled packages for Wazuh across macOS, Linux, and Windows, providing detailed information to analyze crash dumps and resolve issues efficiently. A core dump or crash dump is a snapshot of a process's memory taken during a critical system error. It is automatically generated by the operating system and can assist in diagnosing hanging processes. Crash dump generation is also included by default in installers, with the option to enable or disable it. For more details, refer to the configuring core dump generation documentation.
Vulnerability evaluation status
We have improved vulnerability tracking with the introduction of the new vulnerability.under_evaluation field, which provides an Evaluated and Under evaluation filter.
The vulnerability.under_evaluation field is set to true when a vulnerability lacks a valid base score, classification, or severity data, placing it in the Under evaluation category. This addition is particularly useful for vulnerabilities marked as “AWAITING ANALYSIS” in the National Vulnerability Database (NVD), where no definitive data is available from the Analysis Data Provider (ADP). It allows users to identify and track vulnerabilities that are still under evaluation.
Wazuh dashboard improvements
We have refined the Wazuh dashboard to improve user experience and streamline navigation. Key updates include redesigns of the Overview, Events, and Vulnerability Detection inventory pages, making information easier to access and interact with. We introduced a new Agents management menu to streamline the organization and administration of Wazuh agents.
The Deploy new agent page has been revamped to simplify the deployment process. Also, the Agent detail page has been enhanced with several improvements, including a new Vulnerability Detection widget that highlights vulnerability severity and the Top 5 Packages. These enhancements work together to make the dashboard more efficient while improving the overall user experience and providing easier access to useful features.
Conclusion
Wazuh remains committed to enhancing its platform to provide security features that safeguard IT infrastructures against cybersecurity threats. For detailed information about the latest features, fixes, and performance enhancements in Wazuh 4.10.0, please review our release notes. You can also refer to our changelog for specific updates.
Thank you for being an essential part of our community and contributing to the development of a stronger and more user-friendly open source security solution.