3.9.3 Release notes

This section shows the most relevant improvements and fixes in version 3.9.3. More details about these changes are provided in each component changelog:

Wazuh core

  • By default, Log collector will no longer report bookmarked Windows Eventchannel events.
  • Agent-info that is not generated in UTF-8 format will be discarded.
  • Fixed a memory leak in Modules Daemon when its on-demand configuration was requested.
  • Fixed a bug that crashed Analysisd and Logtest when trying rules having <different_geoip> and no <not_same_field> stanza.
  • Fixed the parser of the Canonical’s OVAL feed due to a syntax change.
  • Rules with <list lookup="address_match_key" /> produced a false match if the CDB list file was missing.
  • Remote configuration was missing the <ignore> stanzas for Syscheck and Rootcheck when defined as sregex.

Wazuh apps

  • Added support for Kibana v7.2.0.
  • Added support for Kibana v6.8.1.
  • Fixed height for the menu directive with Dynamic height.
  • Fixed timepicker in cluster monitoring.
  • Fixed time offset for reporting table.
  • Fixed API call for fetching GDPR requirements in agents.
  • Fixed filters which were not applying when refreshing agents search bar.
  • Fixed wrong fields in never connected agents.
  • Fixed the error message when the App detects an unexpected Wazuh version.
  • Fixed invalid date message in some web browsers.
  • Fixed missing ignored and ignored_sregex fields in the on-demand configuration.

Wazuh ruleset

  • Changed NGINX decoder to make the field “server” optional. (Credits to @iasdeoupxe).
  • Removed unwanted trailing single quote in Audit decoder. (Credits to @branchnetconsulting).
  • Avoid conflicts between the “uid” and “auid” fields in the Audit decoder. (Credits to @tokibi).
  • Exclude the full log field from rules for AWS, Suricata, VirusTotal, OwnCloud, Vuls, CIS-CAT, Vulnerability Detector, MySQL, Osquery and Azure.