Cyber security

Wazuh v4.9.0 – Comprehensive Overview Of Latest Enhancements And Fixes

Its latest enhancements and fixes that fortify cybersecurity measures. This version introduces significant improvements across its Manager and Agent components, boosts performance in vulnerability scanners, and expands its integration capabilities.

Explore the detailed changes and new features that further elevate Wazuh’s robust security framework.

Added

  • The manager now supports alert forwarding to Fluentd. (#17306)
  • Added missing functionality for vulnerability scanner translations. (#23518)
  • Improved performance for vulnerability scanner translations. (#23722)
  • Enhanced vulnerability scanner logging to be more expressive. (#24536)
  • Added the HAProxy helper to manage load balancer configuration and automatically balance agents. (#23513)
  • Added a validation to avoid killing processes from external services. (#23222)
  • Enabled ceritificates validation in the requests to the HAProxy helper using the default CA bundle. (#23996)

Fixed

  • Fixed compilation issue for local installation. (#20505)
  • Fixed malformed JSON error in wazuh-analysisd. (#16666)
  • Fixed a warning when uninstalling the Wazuh manager if the VD feed is missing. (#24375)
  • Ensured vulnerability detection scanner log messages end with a period. (#24393)

Changed

  • Changed error messages about recv() messages from wazuh-db to debug logs. (#20285)
  • Sanitized the integrations directory code. (#21195)

Agent

Added

  • Added debug logging in FIM to detect invalid report change registry values. Thanks to Zafer Balkan (@zbalkan). (#21690)
  • Added Amazon Linux 1 and 2023 support for the installation script. (#21287)
  • Added Journald support in Logcollector. (#23137)
  • Added support for Amazon Security Hub via AWS SQS. (#23203)

Fixed

  • Fixed loading of whodata through timeouts and retries. (#21455)
  • Avoided backup failures during WPK update by adding dependency checking for the tar package. (#21729)
  • Fixed a crash in the agent due to a library incompatibility. (#22210)
  • Fixed an error in the osquery integration on Windows that avoided loading osquery.conf. (#21728)
  • Fixed a crash in the agent’s Rootcheck component when using <ignore>. (#22588)
  • Fixed command wodle to support UTF-8 characters on windows agent. (#19146)
  • Fixed Windows agent to delete wazuh-agent.state file when stopped. (#20425)
  • Fixed Windows Agent 4.8.0 permission errors on Windows 11 after upgrade. (#20727)
  • Fixed alerts are created when syscheck diff DB is full. (#16487)
  • Fixed Wazuh deb uninstallation to remove non-config files. (#2195)
  • Fixed improper Windows agent ACL on non-default installation directory. (#23273)
  • Fixed socket configuration of an agent is displayed. (#17664)
  • Fixed wazuh-modulesd printing child process not found error. (#18494)
  • Fixed issue with an agent starting automatically without reason. (#23848)
  • Fixed GET /syscheck to properly report size for files larger than 2GB. (#17415)
  • Fixed error in packages generation centos 7. (#24412)
  • Fixed Wazuh deb uninstallation to remove non-config files from the installation directory. (#2195)
  • Fixed Azure auditLogs/signIns status parsing (thanks to @jmnis for the contribution). (#22392)
  • Fixed how the S3 object keys with special characters are handled in the Custom Logs Buckets integration. (#22621)

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

ROADTools: The Modern Azure AD Exploration Framework

ROADTools is a powerful framework designed for exploring and interacting with Microsoft Azure Active Directory…

10 hours ago

How to Enumerate Microsoft 365 Groups Using PowerShell and Python

Microsoft 365 Groups (also known as M365 Groups or Unified Groups) are at the heart…

10 hours ago

SeamlessPass: Using Kerberos Tickets to Access Microsoft 365

SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain…

1 day ago

PPLBlade: Advanced Memory Dumping and Obfuscation Tool

PPLBlade is a powerful Protected Process Dumper designed to capture memory from target processes, hide…

1 day ago

HikPwn : Simple Scanner For Hikvision Devices With Basic Vulnerability Scanning

HikPwn: Comprehensive Guide to Scanning Hikvision Devices for Vulnerabilities If you’re searching for an efficient…

2 days ago

Comments in Bash Scripts

What Are Bash Comments? Comments in Bash scripts, are notes in your code that the…

1 week ago