The team is pleased to announce the release of Wazuh 3.12.0. This new version comes with lots of additions and improvements, so here are the highlights:
This component is the one that includes more news and improvements.
File integrity monitoring
We have included some new features to improve FIM:
- Added synchronization capabilities for FIM.
- Added SQL database for the FIM module. Its storage can be switched between disk and memory.
- Added FIM module unit testing for Unix source code.
- Added FIM module unit testing for Windows source code.
- Moved the FIM logic engine to the agent.
- Avoided reopening the current socket when Logcollector fails to send an event.
- Prevent Logcollector from starving when has to reload files.
- Made Logcollector continuously attempt to reconnect with the agent daemon.
Now Wazuh enlarges its support for S3 buckets:
- Added support for monitoring Cisco Umbrella S3 buckets.
- Added support for monitoring AWS S3 buckets in GovCloud regions.
Other fixes and improvements
Apart from these, Wazuh core includes even more improvements and features:
- Added multi-target support for unit testing.
- Added a status validation when starting Wazuh.
- Added automatic reconnection with the Eventchannel service when it is restarted.
- Made Windows agents send the keep-alive independently.
- Source IP checking by default in the registration process is no longer enforced.
- Fixed a small memory leak in clustered.
- Fixed a crash in the fluent forwarder when SSL is not enabled.
- Replaced non-reentrant functions to avoid race condition hazards.
- Fixed the registration of more than one agent as any when forcing to use the source IP.
- Fixed Windows upgrades in custom directories.
- Fixed the format of the alert payload passed to the Slack integration.
Wazuh Kibana App
We have added the following features to the Wazuh Kibana App:
- Added a new setting to hide manager alerts from dashboards.
- Added a new setting to be able to change API from the top menu.
- Added a new setting to enable/disable the known fields health check.
- Added support for PCI 11.2.1 and 11.2.3 rules.
Besides, we have restructured the
optimize/wazuh directory. Now the configuration file for the Wazuh Kibana App
wazuh.yml will be placed at
/usr/share/kibana/optimize directory. Now this directory will have this distribution:
We have made many improvements to the Wazuh API. One of the major changes is that the API’s installation script will enable HTTPS by default. There are some other improvements included in this new version:
- Added distinct parameter to syscheck endpoints.
- Added condition field to SCA endpoints.
- Fixed a bug that made requests not being distributed to the selected
The Wazuh ruleset has been improved by adding new rules and fixing some known issues:
- Extended the rules to detect shellshock attacks (by @iasdeoupxe).
- Updated Roundcube decoder to support versions greater than 1.4 (by @iasdeoupxe).
- Added rules and decoders for Junos.
- Fixed GPG requirement in Windows rules.
- Improved Cisco decoders and fixed Owlh rule’s IDs conflict.
- Fixed checkpoint decoders to read events in a different format.
Further information and documentation can be found in the following URLs: