I am happy to announce that Wazuh v2.0.1 has just been released!

As many of you already know, we released Wazuh v2.0 back in April this year. It included the integration of our forked version of OSSEC with OpenSCAP and Elastic Stack 5. In addition, we improved some core capabilities for infrastructure security monitoring, and developed a new WUI in the form of a Kibana app. You can learn more here: https://blog.wazuh.com/wazuh-v2-0-released

This new released, Wazuh v2.0.1, come with additional rules and decoders as well as other interesting changes in the core code and the API.

Here are the highlights of the new release:

Wazuh ruleset

We have added new rules and decoders to analyze log messages generated by the following applications:

  • MongoDB
  • Docker
  • Jenkins
  • AWS S3
  • Microsoft Windows Defender
  • Microsoft log related events
  • Microsoft SQL Server
  • Identity Guard
  • Sysmon events 11 and 15

Additionally, the ruleset can be updated using our script update_ruleset.py that now accepts a custom download URL.

Wazuh 

Here are some interesting changes:

  • Changed random data generator for a secure OS-provided generator.
  • Changed Windows installer file name (depending on version).
  • Linux distro detection using standard os-release file.
  • Disable synchronization with SQLite databases for Syscheck by default.
  • Minor changes at Rootcheck formatter for JSON alerts.
  • Added debugging messages to Integrator logs.
  • Show agent ID when possible on logs about incorrectly formatted messages.
  • Use default maximum inotify event queue size.
  • Show remote IP on encoding format errors when unencrypting messages.
  • Remove temporary files created by Syscheck changes reports.

To see the complete list of additions, changes and fixes included in this new release, changelog is available at: https://github.com/wazuh/wazuh/releases/tag/v2.0.1

Also, here are other useful links: