This post is dedicated to the release of Wazuh 4.11.0! This version introduces a refined vulnerability detection process for CVE Numbering Authority (CNA) data, along with upgrades to the base operating system for Wazuh AMI and OVA environments. Additionally, it enhances the Wazuh Syscollector module, ensuring more precise system inventory reports. Other key enhancements include improvements to FIM and SCA decoders, optimized event processing for the AWS Custom Logs Buckets module, and an updated Wazuh dashboard layout.
Key highlights
Enhanced vulnerability detection
Wazuh 4.11.0 now incorporates vulnerability data from the Cybersecurity and Infrastructure Security Agency (CISA). Wazuh prioritizes CISA data over the National Vulnerability Database (NVD), enabling more accurate vulnerability assessments, reducing false positives, and enhancing alignment with authoritative security sources.
The Wazuh Vulnerability Detection module scans for vulnerabilities using CISA data first. If a specific CVE is not found in CISA’s database, the scanner automatically falls back to NVD, ensuring comprehensive coverage.
Wazuh Syscollector module improvement
The Wazuh Syscollector module has been enhanced to improve the detection of installed software on macOS and Windows, which facilitates more precise software inventory tracking. The update includes better package identification on macOS and expands the detection of pip and npm packages. Additionally, it integrates with the Windows Management Instrumentation (WMI) API for more reliable detection of system updates.
These improvements bridge previous gaps in software inventory reporting, ensuring that the Wazuh agent accurately identifies installed packages across different environments. This ultimately assists system administrators in strengthening compliance and security monitoring.
For more details, refer to the documentation on System Inventory.
Wazuh AMI and OVA operating system upgrade
The underlying operating system for Wazuh AMI and OVA virtual machine environments has been upgraded from Amazon Linux 2 (AL2) to Amazon Linux 2023 (AL2023). This transition addresses security vulnerabilities present in AL2 and ensures continued system compatibility as AL2 nears its end of life.
By adopting AL2023, users gain access to the latest security patches, enhanced system performance, and improved compliance with modern security standards, creating a more secure and optimized virtual infrastructure.
Conclusion
Wazuh remains committed to continuously improving its platform to provide robust security solutions that protect IT infrastructures from cybersecurity threats. For comprehensive details on the latest features, fixes, and performance enhancements in Wazuh 4.11.0, please review the release notes. You can also explore the changelog for a detailed breakdown of updates.







