This is the documentation for Wazuh 3.9. Check out the docs for the latest version of Wazuh!

3.9.3 Release notes

This section shows the most relevant improvements and fixes in version 3.9.3. More details about these changes are provided in each component changelog:

Wazuh core

  • Log collector will not report Windows Eventchannel events bookmarked by default.
  • Agent-info that are not generated in utf-8 format will be discarded.
  • Fix memory leak in Modules Daemon when your on-demand configuration was requested.
  • Fixed a bug that crashed Analysisd and Logtest when trying rules having <different_geoip> and no <not_same_field> stanza.
  • Fixed the parser of the Canonical’s OVAL feed due to a syntax change.
  • Rules with <list lookup=”address_match_key” /> produced a false match if the CDB list file is missing.
  • Remote configuration was missing the <ignore> stanzas for Syscheck and Rootcheck when defined as sregex.

Wazuh apps

  • Added support for Kibana v7.2.0.
  • Added support for Kibana v6.8.1.
  • Fixed height for the menu directive with Dynamic height.
  • Fixed timepicker in cluster monitoring.
  • Fixed time offset for reporting table.
  • Fixed API call for fetching GDPR requirements in agents.
  • Fixed filters which were not applying when refreshing agents search bar.
  • Fixed wrong fields in never connected agents.
  • Fixed the error message when the App dectects an unexpected Wazuh version.
  • Fixed invalid date message in some web browsers.
  • Fixed missing ignored and ignored_sregex fields in the configuration ondemand.

Wazuh ruleset

  • Changed NGINX decoder to make the field “server” optional. (Credits to @iasdeoupxe).
  • Remove unwanted tailing single quote in Audit decoder. (Credits to @branchnetconsulting).
  • Avoid conflicts between the “uid” and “auid” fields in the Audit decoder. (Credits to @tokibi).
  • Exclude the full log field from rules for AWS, Suricata, VirusTotal, OwnCloud, Vuls, CIS-CAT, Vulnerability Detector, MySQL, Osquery and Azure.