v4.8.0-alpha2
Release date: 2024-01-09 22:55:00
Latest wazuh/wazuh release: v4.9.0-rc1 (2024-08-21 19:52:07)
Manager
Added
- Added new query "rollback" to wazuh-db. (#16058)
Changed
- Vulnerability Detection refactor. (#21201)
- Improved wazuh-db detection of deleted database files. (#18476)
- Added timeout and retry parameters to the VirusTotal integration. (#16893)
- Extended wazuh-analysisd EPS metrics with events dropped by overload and remaining credits in the previous cycle. (#18988)
- Replaced Filebeat's date index name processor. (#19819)
- Updated API and framework packages installation commands to use pip instead of direct invocation of setuptools. (#18466)
- Upgraded docker-compose V1 to V2 in API Integration test scripts. (#17750)
- Refactored how cluster status dates are treated in the cluster. (#17015)
Fixed
- Updated cluster connection cleanup to remove temporary files when the connection between a worker and a master is broken. (#17886)
Agent
Added
- Added snap package manager support to Syscollector. (#15740)
- Added event size validation for the external integrations. (#17932)
- Added new unit tests for the AWS integration. (#17623)
- Added mapping geolocation for AWS WAF integration. (#20649)
Changed
- Disabled host's IP query by Logcollector when ip_update_interval=0. (#18574)
- The MS Graph integration module now supports multiple tenants. (#19064)
- FIM now buffers the Linux audit events for who-data to prevent side effects in other components. (#16200)
- The sub-process execution implementation has been improved. (#19720)
- Refactored and modularized the AWS integration code. (#17623)
Fixed
- Fixed process path retrieval in Syscollector on Windows XP. (#16839)
- Fixed detection of the OS version on Alpine Linux. (#16056)
- Fixed Solaris 10 name not showing in the Dashboard. (#18642)
RESTful API
Added
- Added new GET /manager/version/check endpoint to obtain information about new releases of Wazuh. (#19952)
- Introduced an auto option for the ssl_protocol setting in the API configuration. This enables automatic negotiation of the TLS certificate to be used. (#20420)
Fixed
- Fixed a warning from SQLAlchemy involving detached Roles instances in RBAC. (#20527)
Removed
- Removed PUT /vulnerability, GET /vulnerability/{agent_id}, GET /vulnerability/{agent_id}/last_scan and GET /vulnerability/{agent_id}/summary/{field} API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead. (#20119)
Ruleset
Added
- Added new SCA policy for Amazon Linux 2023. (#17780)
- Added new SCA policy for Rocky Linux 8. (#17784)
- Added rules to detect IcedID attacks. (#19528)
Changed
- SCA policy for Ubuntu Linux 18.04 rework. (#18721)
- SCA policy for Ubuntu Linux 22.04 rework. (#17515)
- SCA policy for Red Hat Enterprise Linux 7 rework. (#18440)
- SCA policy for Red Hat Enterprise Linux 8 rework. (#17770)
- SCA policy for Red Hat Enterprise Linux 9 rework. (#17412)
- SCA policy for CentOS 7 rework. (#17624)
- SCA policy for CentOS 8 rework. (#18439)
- SCA policy for Debian 8 rework. (#18010)
- SCA policy for Debian 10 rework. (#17922)
- SCA policy for Amazon Linux 2 rework. (#18695)
- SCA policy for SUSE Linux Enterprise 15 rework. (#18985)
- SCA policy for macOS 13.0 Ventura rework. (#19037)
- SCA policy for Microsoft Windows 10 Enterprise rework. (#19515)
- SCA policy for Microsoft Windows 11 Enterprise rework. (#20044)
- Update MITRE DB to v13.1. (#17518)
Other
Changed
- Upgraded external aiohttp library dependency version to 3.8.5. (#20003)
- Upgraded external cryptography library dependency version to 41.0.4. (#20003)
- Upgraded external numpy library dependency version to 1.26.0. (#20003)
- Upgraded external grpcio library dependency version to 1.58.0. (#20003)
- Upgraded external pyarrow library dependency version to 14.0.1. (#20003)
- Upgraded embedded Python version to 3.10.13. (#20003)