We are thrilled to announce the release of Wazuh 4.8.0. This update introduces a rework of the Wazuh Vulnerability Detector module and improvements to the Wazuh dashboard user interface (UI) and user experience (UX). It also includes updates to the VirusTotal integration and the MITRE ATT&CK database, among other changes.

Key highlights

Redesigned Vulnerability Detector module

The Wazuh Vulnerability Detector module has been redesigned so that users can query vulnerabilities globally, across all monitored endpoints within an IT infrastructure, rather than one endpoint at a time. Wazuh now aggregates vulnerability information from external sources, including Canonical, Debian, Red Hat, Arch Linux, ALAS, Microsoft, and the NVD, into its Cyber Threat Intelligence (CTI) repository. The Wazuh CTI repository is an online service that acts as a central feed for vulnerability data and update checks. The Vulnerability Detector module pulls this data from the Wazuh repository, ensuring users can access the latest vulnerability information.

(Image: Vulnerability Detection)

The image below demonstrates how to filter for all endpoints and packages impacted by a vulnerability.

(Image: Wazuh 4.8.0 Vulnerability Detection)

Improved user interface and user experience

We have redesigned the Wazuh dashboard to enhance the user experience, making navigation and operation more intuitive.

(Image: Wazuh Dashboard Overview)

We replaced the top navigation Modules menu with a left global menu, allowing users to easily access each part of the platform.

(Image: Top Navigation Modules)

Users can receive notifications when a new Wazuh update is available, with the option to dismiss these notifications and opt out of future alerts.

(Image: Notifications Server API)

Support for Snap packages

Wazuh now supports inventorying packages installed via the Snap package manager, giving visibility into software that previous inventories of Linux endpoints did not cover. Because Snap packages are now part of the inventory, changes to them are reported and their vulnerabilities can be detected like those of packages from the native package manager.
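To make the two benefits of a Snap inventory concrete, detecting software changes and feeding vulnerability matching, here is an added example (not Wazuh's syscollector code; the page does not describe how Wazuh collects Snap data) that parses the tabular output of `snap list` into inventory records and diffs two scans. The sample output and the record layout are constructed for the example.

```python
"""Parse `snap list` output into inventory records and diff two scans.

Added example code, not part of Wazuh. The column layout below matches the
text `snap list` prints; the two scans are constructed sample data."""

# Constructed sample: first scan of an endpoint.
SNAP_LIST_BEFORE = """\
Name      Version   Rev    Tracking        Publisher   Notes
core22    20240111  1122   latest/stable   canonical✓  base
snapd     2.61.2    21184  latest/stable   canonical✓  snapd
firefox   122.0-2   3836   latest/stable   mozilla✓    -
"""

# Constructed sample: second scan, after snapd refreshed, firefox was removed
# and vlc was installed.
SNAP_LIST_AFTER = """\
Name      Version   Rev    Tracking        Publisher   Notes
core22    20240111  1122   latest/stable   canonical✓  base
snapd     2.62      21465  latest/stable   canonical✓  snapd
vlc       3.0.20    3777   latest/stable   videolan✓   -
"""


def parse_snap_list(text):
    """Turn `snap list` output into {name: record}.

    The header row gives the column names; each data row is split into at
    most that many fields so a trailing Notes value keeps any commas. A
    trailing check mark on Publisher means a verified publisher; it is
    stripped and recorded as a boolean so the name can be compared cleanly."""
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        return {}
    header = [col.lower() for col in lines[0].split()]
    records = {}
    for line in lines[1:]:
        fields = line.split(None, len(header) - 1)
        if len(fields) != len(header):
            continue  # malformed row: skip rather than guess
        rec = dict(zip(header, fields))
        rec["verified_publisher"] = rec["publisher"].endswith("✓")
        rec["publisher"] = rec["publisher"].rstrip("✓")
        records[rec["name"]] = rec
    return records


def diff_inventory(before, after):
    """Report added, removed and changed (version or revision) Snap packages."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(
            name for name in common
            if (before[name]["version"], before[name]["rev"])
            != (after[name]["version"], after[name]["rev"])
        ),
    }


def vulnerability_lookup_keys(records):
    """(name, version) pairs in the form a vulnerability feed would be matched on."""
    return sorted((rec["name"], rec["version"]) for rec in records.values())


if __name__ == "__main__":
    before = parse_snap_list(SNAP_LIST_BEFORE)
    after = parse_snap_list(SNAP_LIST_AFTER)
    print(diff_inventory(before, after))
    print(vulnerability_lookup_keys(after))
```

The diff is keyed on both version and revision because a Snap refresh can change the revision without changing the version string, and a change-only-in-revision is still a software change worth reporting.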

Updated MITRE ATT&CK database

Wazuh has upgraded its MITRE ATT&CK database to version 13.1. This update enhances the ability of Wazuh to precisely map detected threats to the MITRE ATT&CK framework’s tactics and techniques. Mapping threats to MITRE ATT&CK is crucial as it provides a standardized methodology for identifying and responding to adversary behaviors, improving threat detection and response capabilities across your IT infrastructure.

Enhanced VirusTotal integration

We have enhanced the Wazuh integration with VirusTotal to ensure that File Integrity Monitoring (FIM) alerts are resent to VirusTotal if no response is received from an earlier query. Additionally, we improved the integration’s logging to provide more insight into the communication between Wazuh and VirusTotal.
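The resend-on-no-response behaviour described above, as an added example that is not Wazuh's own VirusTotal integration script: a retry wrapper around a lookup of the FIM alert's file hash that resends only when no response came back, logs every attempt so the exchange can be traced afterwards, and gives up after a bounded number of tries. The transport, backoff schedule, log format and sample alert are all assumptions constructed for the example; no network call is made.

```python
"""Resend a FIM alert's hash lookup to VirusTotal when no response arrives.

Added example code, not Wazuh's integration. `transport` stands in for the
HTTP call to the VirusTotal API and is expected to return None when no
response was received (timeout, dropped connection)."""
import hashlib
import logging

logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")
log = logging.getLogger("virustotal-integration")


def query_with_resend(transport, sha256, max_attempts=3, base_delay=1.0,
                      sleep=lambda seconds: None):
    """Look up `sha256` via `transport`, resending while no response arrives.

    Returns the response dict, or None if every attempt went unanswered.
    `sleep` is injectable so the backoff can be observed without waiting."""
    delay = base_delay
    for attempt in range(1, max_attempts + 1):
        log.info("attempt %d/%d: querying VirusTotal for %s",
                 attempt, max_attempts, sha256)
        result = transport(sha256)
        if result is not None:
            log.info("attempt %d: response received (positives=%s/%s)",
                     attempt, result.get("positives"), result.get("total"))
            return result
        log.warning("attempt %d: no response from VirusTotal", attempt)
        if attempt < max_attempts:
            log.info("resending in %.1fs", delay)
            sleep(delay)
            delay *= 2  # exponential backoff between resends (assumed policy)
    log.error("giving up on %s after %d unanswered attempts", sha256, max_attempts)
    return None


def flaky_transport(unanswered):
    """Constructed stand-in for the VirusTotal API.

    The first `unanswered` calls return None (no response); later calls
    return a canned verdict. `send.calls` counts the requests made."""
    calls = {"n": 0}

    def send(sha256):
        calls["n"] += 1
        if calls["n"] <= unanswered:
            return None
        return {"sha256": sha256, "positives": 0, "total": 70}

    send.calls = calls
    return send


# Constructed FIM alert for a changed file (content is made up).
FIM_ALERT = {
    "path": "/etc/hosts",
    "sha256": hashlib.sha256(b"constructed file content").hexdigest(),
}

if __name__ == "__main__":
    vt = flaky_transport(unanswered=1)
    print(query_with_resend(vt, FIM_ALERT["sha256"]))
```

Keeping the resend bounded matters: an unbounded retry loop turns a VirusTotal outage into a backlog of FIM lookups on the manager, and the per-attempt log lines are what let an operator tell a slow API from a misconfigured key or a dropped connection.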

Updated Wazuh indexer

We have updated and repackaged the Wazuh indexer with OpenSearch 2.10.0. This upgrade ensures compatibility with the security enhancements of OpenSearch, providing a more secure platform for Wazuh users.

Conclusion

At Wazuh, we are dedicated to continually enhancing the Wazuh platform and equipping it with capabilities to protect your IT infrastructure against security threats. Our updates also consider user feedback and suggestions, ensuring an increasingly robust and user-friendly security platform.

Kindly read our release notes for more information about the features, fixes, and performance improvements included in Wazuh 4.8.0. You can also read our changelog for specific details about this release.