3.5.0 Release notes - 10 August 2018
This section shows the most relevant improvements and fixes in version 3.5.0. More details about these changes are provided in each component changelog.
Wazuh core
- A new integration with osquery is shown, this will provide new scheduled results for the manager: - The osquery daemon will be launched in background. 
- Filter events by osquery by adding a new option in - <location>rules.
- Enrich osquery configuration with pack files aggregation and agent labels. 
- Support folders in shared configuration. 
 
- Parallelized remoted daemon: - Up to 16 parallel threads to decrypt messages from agents. 
- Frequency of agent keys reloading limited. 
- Message input buffer in Analysisd to prevent control messages starvation in Remoted. 
 
- Vulnerability Detector has been enhanced, adding support for other operating systems and improving the configuration of OVAL updates. - Added - feedtag for updating each operating system OVAL, allowing to set a different configuration for each of them.
- Packages already scanned won't be checked unless no Syscollector scans are detected in a period longer than 24 hours. 
- Added arch check for Red Hat's OVAL. 
- Force the vulnerability detection in unsupported OS with the - <allow>attribute.
 
- Fixed alerts format in Vulnerability Detector. When showing Vulnerability Detector alerts from a Red Hat agent, an RHSA patch was shown instead of a CVE. This patch consists in various CVEs compressed. The RHSA patches are unpackaged and alerts manifest that the system is vulnerable to each of the CVEs contained in that RHSA. 
- Added new support for AES encryption for manager and agent. 
- Enhanced active response process. Added a new feature which allows the user to customize the parameters sent to the agent's active response script. 
- Added synchronization for remoted counters (rids), being reloaded if the inode of the file has changed. 
- Windows deletes pending active-responses when an output signal is received. 
- Rootcheck searchs for 32-bit and 64-bit keys. As Windows agent only runs in 32-bit mode, by default Rootcheck was searching only for 32-bit keys. 
- Get Linux packages, DEB and RPM, for Syscollector. 
- Added a new module for downloading shared files for agent groups dynamically. 
- Get running processes, opened ports, network interfaces, Linux (DEB/RPM) and Windows inventories natively for Syscollector. - Added field to the hardware inventory about the RAM usage, without using - wmic.
- Storage of multiple addresses/netmasks/broadcasts per interface in the DB. 
- CentOS 5 compatibility to run the network scan. 
 
Wazuh API
- Added information about the user who made the request in the API logs. 
- New option for downloading the wpk using HTTP in - agent_upgrade.
- Rotation of log files at midnight. 
- Added new API requests for syscollector. 
- Ignore uppercase and lowercase sorting an array. 
Wazuh ruleset
- Added rules for the new osquery integration. 
- Improved CIS-CAT rules. 
- Ignoring syscollector events rule added. 
Wazuh app for Kibana
- As part of the Elastic Stack v6.3.x compatibility process, now we have support for Kuery as query language for the app search bars. 
- Added new tab on Configuration to show the current Wazuh app configuration file values. 
- Added new tab on Configuration to show the latest Wazuh app logs. 
- Added XML/JSON viewer to Management → Configuration. 
- Improved reports, now with a better design and document structure. 
- Human-readability improvements for visualizations, tables and CSV files. 
- Now it’s possible to remove all the API entries from Settings. 
- More design improvements for the Welcome tab on some app sections. 
- More bug fixes, code refactoring and performance improvements. 
In addition to this, the documentation now has a dedicated section for the Wazuh app, where you can learn more about its capabilities, how to configure it and install the X-Pack Security plugin.