We are excited to announce the release of Wazuh 4.9.0. This update introduces support for journald log collection, integration with AWS Security Hub, and improved compatibility with OpenSearch 2.13.0. It also brings improvements to the WPK packages used for remote agent upgrades and a redesigned Endpoint Summary section in the Wazuh dashboard.
Key highlights
Wazuh integration with AWS Security Hub
Wazuh 4.9.0 integrates with AWS Security Hub, providing users with a unified view of security alerts and the overall security posture of their AWS environment. This integration enhances visibility and streamlines remediation across the entire AWS infrastructure.
AWS Security Hub is a Cloud Security Posture Management (CSPM) service that automates configuration checks based on a collection of security controls across all AWS accounts and regions. This service helps users comply with relevant frameworks and standards such as CIS and PCI DSS. Refer to our documentation for more information about the AWS Security Hub integration.
Support for journald log collection
The Wazuh Logcollector module now gathers log messages from Linux endpoints using journald, which allows it to include structured metadata from systemd logs. This enhancement improves log search capabilities and reliability. In new installations, Wazuh agents will automatically include a basic journald configuration. Also, a predefined ruleset is provided for analyzing the retrieved events, which users can customize according to their business needs. All alerts generated from the captured logs will be accessible in the Wazuh dashboard.
See the Journald log collection document for more information.
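As an added configuration example (written for this article, not the default entry the agent ships with), the following localfile block goes inside the ossec_config element of /var/ossec/etc/ossec.conf on a Linux agent. The location and log_format values are the ones the journald collector uses; the unit name, the priority range and the filter attributes are assumptions for illustration, so check them against the Journald log collection document for your version before deploying.

```xml
<ossec_config>
  <!-- Added example: read sshd entries of priority warning (4) or higher
       straight from the systemd journal instead of from a syslog file.
       Filters inside one localfile block must all match (AND); use a
       separate localfile block for an independent (OR) selection.
       ignore_if_missing="yes" keeps entries that carry no PRIORITY field
       from being discarded by that filter. -->
  <localfile>
    <location>journald</location>
    <log_format>journald</log_format>
    <filter field="_SYSTEMD_UNIT">^sshd\.service$</filter>
    <filter field="PRIORITY" ignore_if_missing="yes">^[0-4]$</filter>
  </localfile>
</ossec_config>
```

Without any filter element the block collects the whole journal, which is the shape of the basic configuration added on new installations; restrict it with filters when the journal is noisy, and restart the wazuh-agent service after editing the file so the new block is picked up.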
Improved WPKs
We have improved the logic of the Wazuh signed packages (WPKs) to handle backup and rollback processes directly. This allows users to securely and remotely apply updates across every installation without needing to access each Wazuh agent individually.
The new WPK packages contain only the package to be installed (selected by OS and architecture) and an update script. The script first backs up the current agent version, then installs the new package, and then verifies that the upgraded agent connects to the Wazuh manager and reports the result. If any step fails, it restores the backup so the endpoint keeps running the previous version instead of being left with a broken agent.
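The back up, install, verify, roll back sequence described above, as an added illustration in POSIX shell. This is a generic sketch written for this article, not the WPK update script itself (which is not shown on the page); the install command and the health check are supplied by the caller and are assumptions, whereas in the real WPK flow the health check is whether the new agent reconnects to the manager.

```sh
#!/bin/sh
# Added example: a transactional upgrade of a directory-based install.
# staged_upgrade <install_dir> <backup_dir> <install_cmd> <health_cmd>
#   install_cmd and health_cmd are shell snippets run with INSTALL_DIR set.
#   Returns 0 when the new version passed the check and the backup was
#   discarded, 1 when the previous version was restored, 2 when no backup
#   could be taken (in which case nothing is touched).
staged_upgrade() {
  INSTALL_DIR="$1"; BACKUP_DIR="$2"; INSTALL_CMD="$3"; HEALTH_CMD="$4"

  # 1. Back up the currently installed version before changing anything.
  rm -rf "$BACKUP_DIR"
  cp -Rp "$INSTALL_DIR" "$BACKUP_DIR" || return 2

  # 2. Install the new package, then 3. verify the result (for a Wazuh
  #    agent this is the point where it must reconnect to the manager).
  if INSTALL_DIR="$INSTALL_DIR" sh -c "$INSTALL_CMD" \
     && INSTALL_DIR="$INSTALL_DIR" sh -c "$HEALTH_CMD"; then
    rm -rf "$BACKUP_DIR"          # success: the backup is no longer needed
    echo "upgrade ok"
    return 0
  fi

  # 4. Install or check failed: restore the backup over the broken install.
  rm -rf "$INSTALL_DIR"
  cp -Rp "$BACKUP_DIR" "$INSTALL_DIR"
  echo "upgrade failed, previous version restored"
  return 1
}
```

The important property is that the health check runs before the backup is deleted: an upgrade that installs cleanly but leaves the agent unable to reach the manager is treated as a failure and rolled back, which is exactly the case the reworked WPK logic is meant to cover.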
Refactored and redesigned endpoint summary charts
The Endpoints Summary charts in the Server management section of the Wazuh dashboard have been refactored and redesigned for clarity and usability. Users can now see at a glance the most common operating systems and agent groups among the endpoints registered with the Wazuh server, and agents running an outdated version are flagged with a red status so they can be scheduled for upgrade.
Conclusion
At Wazuh, we are dedicated to continuously improving our platform to provide comprehensive security features that protect IT infrastructure from cybersecurity threats. Kindly review our release notes for more details about the features, fixes, and performance improvements included in Wazuh 4.9.0. For specific information, you can also see our changelog.
Thank you for being an essential part of our community and contributing to a more robust and user-friendly security solution.