In a world where digital threats evolve unprecedentedly, staying ahead of the curve is a necessity. The Wazuh team is delighted to unveil the latest evolution of their open-source cybersecurity platform, Wazuh 4.6.0. Together with its open-source community, Wazuh has implemented innovative strategies to enhance and fortify its cybersecurity platform to ensure organisation’s IT infrastructure remains resilient.
Wazuh 4.6.0 introduces new security features, enhanced feature sets, improved platform integrations, updated documentation, and better user experience that provide visibility into security data to enable proactive risk management. This development is an important milestone for the Wazuh project and excellent news for its open-source community.
New features in Wazuh 4.6.0
Wazuh 4.6.0 introduces new features that will elevate the security experience. Let’s briefly explore these new features, looking into how they enhance the ability to detect, respond to, and mitigate threats.
Vulnerability detection in AlmaLinux and Debian 12
This release of Wazuh now supports the detection of vulnerabilities in AlmaLinux and Debian 12 among other Linux distributions (Canonical, RedHat, and more). This addition helps to detect and report vulnerabilities across diverse Linux environments, improving security resilience.
API endpoint for ingesting events
Wazuh now provides a new webhook functionality that allows ingesting events via the Wazuh API from third-party platforms for analysis without the need for syslog or agent-based communications. This implementation paves the way for more dynamic integrations and real-time response mechanisms, amplifying automation capabilities and responsiveness.
Features enhancements and bug fixes
Wazuh 4.6.0 ships with several improvements to its existing features. The team has designed each enhancement to empower themselves with even more effective and efficient tools to safeguard digital assets. Can find a summary of these enhancements below.
Expanded feature set
Wazuh has enhanced some of its capabilities to be robust and flexible for better security.
- Support for PCRE2 regex in SCA policies: The Security Configuration Assessment (SCA) module is extended with a more powerful pattern-matching tool, PCRE2, to enhance the auditing and compliance capabilities of Wazuh.
- Wildcard usage for Windows Registry paths in FIM: can now use wildcards in File Integrity Monitoring (FIM) configurations to expand coverage on Registry Paths monitoring.
- DbSync and RSync for FIM: The current implementation of the Integrity Monitoring (FIM) database is replaced with the DbSync and RSync functionality to enhance communication between processes.
- Compatibility with OpenSearch 2.8: Wazuh 4.6.0 is now compatible with OpenSearch 2.8 enabling it to stay current with the latest releases, and improving security. This addition also allows to use of security plugins for alerting and others.
Enhanced user interface and experience
The user interface of the Wazuh platform has been enhanced with minor adjustments to provide with a better user experience.
- Improved design for the agent deployment wizard: The Wazuh agent deployment wizard has been redesigned to include a selection for several operating systems versions, text formatting, and more.
- New search bar component: The search bar component has been reworked to improve usability. Querying and filtering events now accept all operators defined by the Wazuh Query Language including AND and OR.
Improved cloud platform integration
Wazuh has improved Integration with cloud platforms for log collection and real-time log data analysis.
- Support for Microsoft Graph security API: Wazuh now integrates with Microsoft’s Graph security API providing full coverage for ingested logs to easily monitor and analyse security data in a more centralised and streamlined manner.
- Office365 support for GCC/GCCH: The Office365 integration has been expanded to consume events from Microsoft Azure Government Community Cloud (GCC) and Government Community Cloud High (GCCH).
- Support for native exportation of GuardDuty events to S3: The Wazuh module for AWS has been enhanced to support native GuardDuty to S3 buckets. This enhancement simplifies administration as no longer have to interact with Kinesis/Firehose/CloudWatch to export GuardDuty events to S3.
Optimised system performance
Wazuh has implemented strategies to reduce bottlenecks and optimise the performance of the platform.
- Filtering option for logs: The Wazuh log data collection capability helps to gather and consolidate logs from different log sources. The Logcollector module now contains a new filter option to exclude log lines that match specific regex patterns. This filtering option is important in limiting undesired logs from flooding the Wazuh server.
- API log file rotation: Unlike previous versions of Wazuh that rotate the API log files every day at midnight, this release includes an option for log rotation based on the size of the log file. This addition allows to the rotation of the API logs at convenience to meet the organisation's needs.
- Preventing the Wazuh manager from agent incompatibility: Implemented new measures to prevent higher versions of Wazuh agents from connecting to lower versions of Wazuh managers. Kindly check the compatibility matrix for additional information.
Bug fixes
Wazuh 4.6.0 addresses a few bugs discovered in the previous release to enhance the protection of digital assets. Some of the bugs this release addresses involve the following:
- Compilation error in the Wazuh HP-UX 4.6.0 agent.
- Deployment variable WAZUH_MANAGER not working on macOS Ventura x86.
- Shuffle integration fails to send alerts via mail.
- Error in starting the Wazuh Docker image.
- FIM who data monitoring not working on Debian 12 aarch64.
Improve security with Wazuh 4.6.0
The Wazuh team continuously improves the features and capabilities of its platform for better security monitoring, detection, and response. Wazuh also prioritises requests and suggestions of its community users in its releases to ensure always get an improved security platform.
Kindly read the Wazuh 4.6.0 release notes for more information about the features, bug fixes, and performance improvements. For specific details, can also see their changelog.
