Hi everyone. The team is pleased to announce that Wazuh 3.12.0 is released. This new version comes with lots of additions and improvements. Here are the highlights:

Wazuh core

This component is the one that includes more news and improvements.

File integrity monitoring

We have included some new features to improve FIM:

  • Added synchronization capabilities for FIM.
  • Added SQL database for the FIM module. Its storage can be switched between disk and memory.
  • Added FIM module unit testing for Unix source code.
  • Added FIM module unit testing for Windows source code.
  • Moved the FIM logic engine to the agent.


  • Avoided reopening the current socket when Logcollector fails to send an event.
  • Prevent Logcollector from starving when has to reload files.
  • Made Logcollector continuously attempt to reconnect with the agent daemon.


Now Wazuh enlarges its support for S3 buckets:

  • Added support for monitoring Cisco Umbrella S3 buckets.
  • Added support for monitoring AWS S3 buckets in GovCloud regions.

Other fixes and improvements

Apart from these, Wazuh core includes even more improvements and features:

  • Added multi-target support for unit testing.
  • Added a status validation when starting Wazuh.
  • Added automatic reconnection with the Eventchannel service when it is restarted.
  • Made Windows agents send the keep-alive independently.
  • Source IP checking by default in the registration process is no longer enforced.
  • Fixed a small memory leak in clustered.
  • Fixed a crash in the fluent forwarder when SSL is not enabled.
  • Replaced non-reentrant functions to avoid race condition hazards.
  • Fixed the registration of more than one agent as any when forcing to use the source IP.
  • Fixed Windows upgrades in custom directories.
  • Fixed the format of the alert payload passed to the Slack integration.

Wazuh Kibana App

We have added the following features to the Wazuh Kibana App:

  • Added a new setting to hide manager alerts from dashboards.
  • Added a new setting to be able to change API from the top menu.
  • Added a new setting to enable/disable the known fields health check.
  • Added support for PCI 11.2.1 and 11.2.3 rules.

Besides, we have restructured the optimize/wazuh directory. Now the configuration file for the Wazuh Kibana App wazuh.yml will be placed at /usr/share/kibana/optimize directory. Now this directory will have this distribution:

Optimize directory in Wazuh Kibana App. Release Wazuh 3.12.0

Wazuh API

We have made many improvements to the Wazuh API. One of the major changes is that the API’s installation script will enable HTTPS by default. There are some other improvements included in this new version:

  • Added distinct parameter to syscheck endpoints.
  • Added condition field to SCA endpoints.
  • Fixed a bug that made requests not being distributed to the selected node_id.

Wazuh ruleset

The Wazuh ruleset has been improved by adding new rules and fixing some known issues:

  • Extended the rules to detect shellshock attacks (by @iasdeoupxe).
  • Updated Roundcube decoder to support versions greater than 1.4 (by @iasdeoupxe).
  • Added rules and decoders for Junos.
  • Fixed GPG requirement in Windows rules.
  • Improved Cisco decoders and fixed Owlh rule’s IDs conflict.
  • Fixed checkpoint decoders to read events in a different format.

Find out more about this release:

If you have any questions about this, don’t hesitate to check out our documentation to learn more about Wazuh or join our community where our team and contributors will help you.