We’re excited to announce the release of Wazuh 4.14.0. This version enhances the IT Hygiene capability with an expanded inventory that now includes browser extensions, endpoint services, users, and groups. It also introduces a new Microsoft Graph API dashboard for monitoring activity and audit events from Microsoft cloud services, and adds support for hot reload of Wazuh agent configuration. In addition, this release delivers multiple reliability, performance, and security improvements across the platform.
Key highlights
Expanded endpoint inventory
Wazuh 4.14.0 expands endpoint visibility with unified inventory dashboards for browser extensions, endpoint services, users, and groups. You can view these inventories in the IT Hygiene section of the Wazuh dashboard, which provides centralized and easy access to detailed endpoint data.
The Browser extensions inventory under the Software section consolidates data across Windows, macOS, and Linux monitored endpoints, providing visibility into installed browser add-ons for security auditing, incident response, and compliance monitoring.
The Services inventory unifies data from Windows services, macOS services, and Linux systemd units, providing consistent visibility into service states, startup types, and compliance insights across monitored systems.
The Users and Groups inventories in the Identity section consolidate account information collected from monitored endpoints. The Users inventory lists details such as username, type, identifier (ID), and shell. The Groups inventory includes the group identifier (ID) and name.
For more information, please refer to the System inventory documentation.
Microsoft Graph API dashboard
Wazuh adds a dedicated dashboard for monitoring the Microsoft Graph services, including Microsoft Azure cloud events. It provides built-in visualizations and queries for Microsoft Graph security data, supports CSV export, and includes GeoIP processors for key event fields.
The Dashboard section displays key activity metrics such as operation types, result statuses, top regions, top security alerts, and event distribution over time. It includes a geolocation map that displays Microsoft Graph service activity by region and integrates GeoIP processors for key event fields, allowing location-based analysis of cloud operations. Users can export dashboard data as a CSV file for external review or reporting.
The Events section allows you to inspect and filter logs for Microsoft Graph services and audit data, offering insights into activity outcomes, rule matches, and alert levels.
The Microsoft Graph API dashboard aligns with other Wazuh cloud dashboards, such as those for AWS and GCP, ensuring a consistent experience for multi-cloud monitoring within the Wazuh platform.
For more information, please refer to the Monitoring Microsoft Azure with Wazuh documentation.
Wazuh agent hot reload configuration
Wazuh agents can now use the hot reload feature to apply centralized configuration changes dynamically, without restarting or losing connection to the Wazuh manager. When the Wazuh agent receives an updated configuration from the Wazuh manager, it reloads the configuration instead of performing a full restart.
Modified settings are automatically applied, improving configuration flexibility while reducing operational downtime in large IT environments. When configuration updates are applied, the Wazuh agent generates log entries confirming the reload operation and specifying the updated parameters.
Conclusion
Wazuh remains dedicated to strengthening its platform to deliver robust security and visibility across IT environments. For more information on the new features, enhancements, and fixes in Wazuh 4.14.0, please check out our detailed release notes. A comprehensive list of all technical updates is available in the changelog.
Thank you for being a part of our community and helping us build a stronger, more reliable, and user-friendly open source security solution.