We are thrilled to announce the release of Wazuh 4.7.0. This release introduces a native Maltiverse integration and improvements to the Syscollector and Vulnerability Detector modules, among other updates. Below, you can explore some of the new features and improvements of our latest release.

Key highlights

Maltiverse integration

Wazuh 4.7.0 now features native integration with the Maltiverse threat intelligence platform. Maltiverse provides a cyber threat intelligence feed containing information about threats and their potential indicators of compromise (IOCs). This new integration improves the ability of security teams to acquire valuable insights about potential threats within their environment. Refer to our documentation for more information about the Maltiverse integration

Wazuh 4.7.0

Vulnerability detection coverage for Amazon Linux 2023

The Wazuh Vulnerability Detector module has extended its vulnerability detection capabilities to support the Amazon Linux 2023 operating system. This addition complements the existing coverage for Amazon Linux 1 and 2 systems, enhancing the overall visibility of vulnerabilities. See the compatibility matrix of the Vulnerability Detector module for more information.

System inventory capability improvements

Wazuh 4.7.0 brings valuable enhancements to the Syscollector module, aimed at improving system inventory capabilities for maintaining robust security hygiene in IT infrastructures. Notable updates include:

  • Extending the scope of the Syscollector module with the capability to collect MacPorts-supported, PYPI, and NPM packages. For more information, refer to the compatibility matrix of the Syscollector module.
  • Support for collecting system inventory data such as ports, installed packages, and network interfaces from Alpine Linux endpoints.
  • The introduction of more inventory information about ports on Linux systems.
Wazuh 4.7.0 release

Cloud security enhancements

  • Support for custom AWS logs: Wazuh has expanded its log collection capability for AWS logs. Previously limited to only supported services and custom logs already processed by AWS Firehose, Wazuh now integrates with AWS Simple Querying Service (SQS). SQS is an AWS fully managed message queuing service. Wazuh can now process custom logs from applications and services that were not previously supported by utilizing AWS SQS and S3 buckets. This allows Wazuh to fetch JSON, CSV, and plain text logs from any custom path, even from environments outside of AWS. Read more about this capability in our documentation.
  • GeoIP feature for the AWS ALB service: Wazuh introduces geolocation capabilities for IP addresses in AWS Application Load Balancing (ALB) events. This feature enhances the analysis of events within the AWS ALB service by providing geolocation data for IP addresses.

These cloud security enhancements fortify Wazuh capabilities in handling a broader range of events and provide advanced insights into the geographical origin of AWS ALB events.


At Wazuh, we are committed to continuously improving and providing you with advanced security capabilities and features to enhance your IT security posture. We also express our gratitude for being an integral part of our community.

Kindly review our release notes for more details about the features, fixes, and performance improvements included in Wazuh 4.7.0. For specific details, you can also see our changelog.