Releases
v3.9.0
Added
New module to perform Security Configuration Assessment scans. (#2598)
New Logcollector features. (#2929)
Let Logcollector filter files by content. (#2796)
Added a pattern exclusion option to Logcollector. (#2797)
Let Logcollector filter files by date. (#2799)
Let Logcollector support wildcards on Windows. (#2898)
Fluent forwarder for agents. (#2828)
Collect network and port inventory for Windows XP/Server 2003. (#2464)
Included inventory fields as dynamic fields in events to use them in rules. (#2441)
Added an option startup_healthcheck in FIM so that the who-data health-check is optional. (#2323)
The real agent IP is reported by the agent and shown in alerts and the App interface. (#2577)
Added support for organizations in AWS wodle. (#2627)
Added support for hot added symbolic links in Whodata. (#2466)
Added -t option to wazuh-clusterd binary. (#2691)
Added options same_field and not_same_field in rules to correlate dynamic fields between events. (#2689)
Added optional daemons start by default. (#2769)
Make the Windows installer choose the appropriate ossec.conf file based on the System version. (#2773)
Added writer thread preference for Logcollector. (#2783)
Added database deletion from Wazuh-DB for removed agents. (#3123)
Changed
Introduced a network buffer in Remoted to cache incomplete messages from agents. This improves the performance by preventing Remoted from waiting for complete messages. (#2528)
Improved alerts about disconnected agents: they will contain the data about the disconnected agent, although the alert is actually produced by the manager. (#2379)
PagerDuty integration plain text alert support (by @spartantri). (#2403)
Improved Remoted start-up logging messages. (#2460)
Let agent_auth warn when it receives extra input arguments. (#2489)
Update the who-data related SELinux rules for Audit 3.0. This lets who-data work on Fedora 29. (#2419)
Changed data source for network interface's MAC address in Syscollector so that it will be able to get bonded interfaces' MAC. (#2550)
Migrated unit tests from Check to TAP (Test Anything Protocol). (#2572)
Now labels starting with _ are reserved for internal use. (#2577)
Now AWS wodle fetches aws.requestParameters.disableApiTermination with a unified format. (#2614)
Improved overall performance in cluster. (#2575)
Some improvements have been made in the vulnerability-detector module. (#2603)
Refactor of decoded fields from the Windows eventchannel decoder. (#2684)
Deprecate global option <queue_size> for Analysisd. (#2729)
Excluded noisy events from Windows Eventchannel. (#2763)
Replaced printf functions in agent-authd. (#2830)
Replaced strtoul() using NULL arguments with atol() in wodles config files. (#2801)
Added a more descriptive message for SSL error when agent-auth fails. (#2941)
Changed the starting Analysisd messages about loaded rules from info to debug level. (#2881)
Re-structured messages for FIM module. (#2926)
Changed diff output in Syscheck for Windows. (#2969)
Replaced OSSEC e-mail subject with Wazuh in ossec-maild. (#2975)
Added keepalive in TCP to manage broken connections in ossec-remoted. (#3069)
Fixed
Fixed error in Syscollector for Windows older than Vista when gathering the hardware inventory. (#2326)
Fixed an error in the OSQuery configuration validation. (#2446)
Prevent Integrator, Syslog Client and Mail forwarded from getting stuck while reading alerts.json. (#2498)
Fixed a bug that could make an Agent running on Windows XP close unexpectedly while receiving a WPK file. (#2486)
Fixed ossec-control script in Solaris. (#2495)
Fixed a compilation error when building Wazuh in static linking mode with the Audit library enabled. (#2523)
Fixed a memory hazard in Analysisd on log pre-decoding for short logs (less than 5 bytes). (#2391)
Fixed defects reported by Cppcheck. (#2521)
Double free in GeoIP data handling with IPv6.
Buffer overlay when getting OS information.
Check for successful memory allocation in Syscollector.
Fix out-of-memory error in Remoted when upgrading an agent with a big data chunk. (#2594)
Re-registered agents are reassigned to correct groups when the multigroup is empty. (#2440)
Wazuh manager starts regardless of the contents of local_decoder.xml. (#2465)
Let Remoted wait for download module availability. (#2517)
Fix duplicate field names at some events for Windows eventchannel. (#2500)
Delete empty fields from Windows Eventchannel alerts. (#2492)
Fixed memory leak and crash in Vulnerability Detector. (#2620)
Prevent Analysisd from crashing when receiving an invalid Syscollector event. (#2621)
Fix a bug in the database synchronization module that left broken references of removed agents to groups. (#2628)
Fixed restart service in AIX. (#2674)
Prevent Execd from becoming defunct when Active Response is disabled. (#2692)
Fix error in Syscollector when unable to read the CPU frequency on agents. (#2740)
Fix Windows escape format affecting non-format messages. (#2725)
Avoid a segfault in mail daemon due to the XML tags order in the ossec.conf. (#2711)
Prevent the key updating thread from starving in Remoted. (#2761)
Fixed error logging on Windows agent. (#2791)
Let CIS-CAT decoder reuse the Wazuh DB connection socket. (#2800)
Fixed issue with agent-auth options without argument. (#2808)
Fixed control of the frequency counter in alerts. (#2854)
Ignore invalid files for agent groups. (#2895)
Fixed invalid behaviour when moving files in Whodata mode. (#2888)
Fixed deadlock in Remoted when updating the keyentries structure. (#2956)
Fixed error in Whodata when one of the file permissions cannot be extracted. (#2940)
Fixed System32 and SysWOW64 event processing in Whodata. (#2935)
Fixed Syscheck hang when monitoring system directories. (#3059)
Fixed the package inventory for MAC OS X. (#3035)
Translated the Audit Policy fields from IDs for Windows events. (#2950)
Fixed broken pipe error when Wazuh-manager closes TCP connection. (#2965)
Fixed whodata mode on drives other than the main one. (#2989)
Fixed a bug that occurred in the database while removing an agent. (#2997)
Fixed duplicated alerts for Red Hat feed in vulnerability-detector. (#3000)
Fixed bug when processing symbolic links in Whodata. (#3025)
Fixed option for ignoring paths in rootcheck. (#3058)
Allow Wazuh service on MacOSX to be available without restart. (#3119)
Ensure internal_options.conf file is overwritten on Windows upgrades. (#3153)
Fixed the reading of the setting attempts of the Docker module. (#3067)