Added
- Add support to Windows agents for vulnerability detector. (#2787)
- Add support to Debian 10 Buster for vulnerability detector (by @aderumier). (#4151)
- Make the Wazuh service start after the network systemd unit (by @VAdamec). (#1106)
- Add process inventory support for Mac OS X agents. (#3322)
- Add port inventory support for Mac OS X agents. (#3349)
- Make Analysisd compile the CDB list upon start. (#3488)
- New rules option global_frequency to make frequency rules independent from the event source. (#3931)
- Add a validation for avoiding agents to keep trying to connect to an invalid address indefinitely. (#3951)
- Add the condition field of SCA checks to the agent databases. (#3631)
- Display a warning message when registering to an unverified manager. (#4207)
- Allow JSON escaping for logs on Logcollector's output format. (#4273)
- Add TCP keepalive support for Fluent Forwarder. (#4274)
- Add the host's primary IP to Logcollector's output format. (#4380)
Changed
- Now EventChannel alerts include the full message with the translation of coded fields. (#3320)
- Changed -G agent-auth description in help message. (#3856)
- Unified the Makefile flags allowed values. (#4034)
- Let Logcollector queue file rotation and keepalive messages. (#4222)
- Changed default paths for the OSQuery module in Windows agents. (#4148)
- Fluent Forward now packs the content towards Fluentd into an object. (#4334)
Fixed
- Fix frequency rules to be increased for the same agent by default. (#3931)
- Fix protocol, system_name, data and extra_data static fields detection. (#3591)
- Fix overwriting agents by Authd when force option is less than 0. (#3527)
- Fix Syscheck nodiff option for substring paths. (#3015)
- Fix Logcollector wildcards to not detect directories as log files. (#3788)
- Make Slack integration work with agentless alerts (by @dmitryax). (#3971)
- Fix bugs reported by Clang analyzer. (#3887)
- Fix compilation errors on OpenBSD platform. (#3105)
- Fix on-demand configuration labels section to obtain labels attributes. (#3490)
- Fixed race condition between wazuh-clusterd and wazuh-modulesd showing a 'No such file or directory' in cluster.log when synchronizing agent-info files in a cluster environment (#4007)
- Fixed 'ConnectionError object has no attribute code' error when package repository is not available (#3441)
- Fix the blocking of files monitored by Who-data in Windows agents. (#3872)
- Fix the processing of EventChannel logs with unexpected characters. (#3320)
- Active response Kaspersky script now logs the action request in active-responses.log (#2748)
- Fix service's installation path for CentOS 8. (#4060)
- Add macOS Catalina to the list of detected versions. (#4061)
- Prevent FIM from producing false negatives due to wrong checksum comparison. (#4066)
- Fix previous_output count for alerts when matching by group. (#4097)
- Fix event iteration when evaluating contextual rules. (#4106)
- Fix the use of prefilter_cmd remotely by a new local option allow_remote_prefilter_cmd. (#4178 & 4194)
- Fix restarting agents by group using the API when some of them are in a worker node. (#4226)
- Fix error in Fluent Forwarder that requests a user and pass although the server does not need it. (#3910)
- Fix FTS data length bound mishandling in Analysisd. (#4278)
- Fix a memory leak in Modulesd and Agentd when Fluent Forward parses duplicate options. (#4334)
- Fix an invalid memory read in Agentd when checking a remote configuration containing an invalid stanza inside <labels>. (#4334)
- Fix error using force_reload and the eventchannel format in UNIX systems. (#4294)