We are excited to announce the release of Wazuh 4.11.0. This release introduces a modified vulnerability detection process for CVE Numbering Authority (CNA) and updates to the Wazuh AMI and OVA base operating system. It also introduces an enhanced Wazuh Syscollector module for more accurate system inventory reports. Additionally, this release includes enhancements to FIM and SCA decoders, improvements in event processing for the AWS Custom Logs Buckets module, and refinements to the Wazuh dashboard layout.

Key highlights

Enhanced vulnerability detection

Wazuh 4.11.0 now supports vulnerability data sourced from the Cybersecurity and Infrastructure Security Agency (CISA). When available, Wazuh prioritizes CISA-sourced data over the National Vulnerability Database (NVD). This update ensures more detailed vulnerability assessments, reducing false positives and aligning more closely with official security sources.

The Wazuh Vulnerability Detection module follows a structured approach, where the Wazuh server first scans for vulnerabilities using CISA data. If no information is available for a specific CVE from CISA, the scanner automatically falls back to NVD content as a secondary source.

Wazuh Syscollector module improvement

The Wazuh Syscollector module now provides improved detection of installed software across macOS and Windows, ensuring accurate software inventory. This release includes better package identification on macOS and expanded detection of pip and npm packages. Additionally, Syscollector now integrates with the Windows Management Instrumentation (WMI) API for more reliable detection of system updates.

These enhancements address previous gaps in software inventory by ensuring the Wazuh agent accurately detects packages across various environments, helping system administrators strengthen compliance checks and security monitoring.

Refer to our documentation on System inventory for more information.

Wazuh AMI and OVA operating system upgrade

The base operating system for Wazuh AMI and OVA virtual machine environments has been upgraded from Amazon Linux 2 (AL2) to Amazon Linux 2023 (AL2023). This update mitigates security vulnerabilities in AL2 and ensures continued compatibility as AL2 approaches its end of life.

By adopting AL2023, deployments benefit from the latest security patches, improved system performance, and enhanced compliance with modern security standards, providing a more secure and optimized environment for virtualized infrastructures.

Conclusion

Wazuh remains dedicated to improving its platform to deliver robust security features that protect IT infrastructures from cybersecurity threats. For detailed information about the latest features, fixes, and performance enhancements in Wazuh 4.11.0, please review our release notes. You can also refer to our changelog for specific updates.

Thank you for being a valued part of our community and contributing to the growth of a stronger, more user-friendly open source security solution.