3.7.1 Release Notes

This section shows the most relevant improvements and fixes in version 3.7.1. More details about these changes are provided in each component changelog:

Improved who data capabilities for FIM

This version comes with a new option for the FIM configuration. Now is possible to add extra Audit keys using <audit_key> tag. It allows the who data engine to capture Audit events related to the key.

Other minor improvements

Wazuh 3.7.1 includes some other improvements:

  • Restored the support for Amazon Linux on the Vulnerability detector.
  • Improved performance of the Remote service.
  • Added IPv6 support for the host-deny.sh script from Active Response.
  • Included more tracing information to the logs generated on debugging mode.
  • The FIM engine now gives more descriptive messages when a file is not reachable.

New features for Kibana plugin

The main highlights for the Wazuh app for Kibana include a new auto-complete feature for the Dev tools tab, so now the user can start typing an API request to see a list of suggestions.

In addition to this, some refinements and bugfixes were added for better stability and overall performance.

New features for Splunk plugin

The main highlights for the Wazuh app for Splunk include support for extensions, new tabs for VirusTotal and CIS-CAT alerts, the Export as CSV button for several tables and the ability to execute PUT, POST and DELETE requests on the Dev tools tab, along with GET requests.

In addition to this, code refactoring, visual/ UI adjustments, and bugfixes were added for better stability and overall performance.