This is the documentation for Wazuh 3.9. Check out the docs for the latest version of Wazuh!

3.9.1 Release notes

This section shows the most relevant improvements and fixes in version 3.9.1. More details about these changes are provided in each component changelog:

Wazuh core

  • Log collector: Improved wildcards support for Windows platforms. Now, it is possible to set multiple wildcards per path as is shown below:

    <localfile>
        <location>C:\Users\user\Desktop\*test*</location>
        <log_format>syslog</log_format>
        <exclude>C:\Users\user\Desktop\*test*.json</log_format>
    </localfile>
    
  • Fixed crash when an active response command was received and the module was disable

  • Fixed crash when collecting large files on Windows.

  • Fixed Wazuh manager automatic restart via API on Docker containers.

  • Fixed corruption error in cluster agent info files synchronisation.

  • Reverted five seconds reading timeout in FIM scans.

Wazuh apps

  • Added support for Elastic Stack v7.1.0
  • Added support for Elastic Stack v6.8.0
  • Improve dynamic height for configuration editor in Splunk app.
  • Fixed infinite API log fetching, fix a handled but not shown error messages from rule editor in Splunk app.

Wazuh ruleset

  • macOS SCA policies based on CIS benchmarks have been corrected.
  • Windows rules for EventLog and Security Essentials have been fixed as well as the field filters are now more restrictive to avoid false positives.
  • Fixed typo in Windows NT registries within Windows SCA policies.

Elastic Stack 7

Wazuh is now compatible with Elastic Stack 7, which includes, between others, new out of the box Security features.

Additionally, since this Wazuh release, Logstash is no longer required, Filebeat will send the events directly to Elasticsearch server.

Elastic Stack 6.x is still supported by Wazuh.