3.9.3 Release notes

This section shows the most relevant improvements and fixes in version 3.9.3. More details about these changes are provided in each component changelog:

Wazuh core

  • By default, Log collector will not report bookmarked Windows Eventchannel events.

  • Agent-info data that is not generated in UTF-8 format will be discarded.

  • Fixed a memory leak in Modules Daemon when its on-demand configuration was requested.

  • Fixed a bug that crashed Analysisd and Logtest when trying rules having <different_geoip> and no <not_same_field> stanza.

  • Fixed the parser for Canonical’s OVAL feed following a syntax change.

  • Fixed a false match produced by rules with <list lookup="address_match_key" /> when the CDB list file is missing.

  • Remote configuration was missing the <ignore> stanzas for Syscheck and Rootcheck when defined as sregex.

Wazuh apps

  • Added support for Kibana v7.2.0.

  • Added support for Kibana v6.8.1.

  • Fixed height for the menu directive with Dynamic height.

  • Fixed timepicker in cluster monitoring.

  • Fixed time offset for reporting table.

  • Fixed API call for fetching GDPR requirements in agents.

  • Fixed filters which were not applying when refreshing agents search bar.

  • Fixed wrong fields in never connected agents.

  • Fixed the error message when the App detects an unexpected Wazuh version.

  • Fixed invalid date message in some web browsers.

  • Fixed missing ignored and ignored_sregex fields in the on-demand configuration.

Wazuh ruleset

  • Changed NGINX decoder to make the field “server” optional. (Credits to @iasdeoupxe).

  • Removed unwanted trailing single quote in Audit decoder. (Credits to @branchnetconsulting).

  • Avoid conflicts between the “uid” and “auid” fields in the Audit decoder. (Credits to @tokibi).

  • Exclude the full log field from rules for AWS, Suricata, VirusTotal, OwnCloud, Vuls, CIS-CAT, Vulnerability Detector, MySQL, Osquery and Azure.