The mix of rollouts in Wazuh 4.4 includes IPv6 support for agent-manager communication, vulnerability detection in Suse Linux, Azure integration in Linux agents, updated indexer, and SCA policy updates.

Credit: Gerd Altmann

Open source security provider Wazuh has launched the latest version of its unified extended detection and response (XDR) and security information and event management (SIEM) platform with a suite of upgraded capabilities.

Wazuh 4.4 adds a string of new features to Wazuh agents and managers, which users deploy on endpoints and servers respectively. These features include support for IPv6 for agent-manager connections, search upgrade to OpenSearch v2.4.1, vulnerability detection for Suse Linux, updates to Linux software composition analysis (SCA) policies, and Azure integrations in Linux agents.

“The 4.4 launch implies that all the packages and images for the version such as the AMI, OVA, and Docker images for the Wazuh central components, and the Windows, macOS, Linux, and other operating systems packages for the Wazuh agent are immediate and publicly available,” said Santiago Bassett, CEO of Wazuh. Amazon Machine Images, Open Virtualization Appliance, and Docker images are all pre-configured virtual machine images made available by AWS, VMware, and public Docker registries to help users download and deploy across various virtualization platforms.

Wazuh’s free and open source managed security platform can be accessed both as an on-premises as well as SaaS-based offering providing detection, incident response, and compliance management capabilities to its customers. The SaaS-based offering is called the Wazuh Cloud.

Upgrade includes support for IPv6

In order to keep up with the networking standards, Wazuh has updated its platform to add the latest internet protocol version 6 (IPv6) support to allow agents to register and connect to managers through an IPv6 address.
“It means customers can leverage the benefits of the IPv6 protocol with better security and performance in the agent-server communication,” Bassett said. “Connecting through IPv4 is still possible, but now its users can opt to set IPv6 parameters for the connections.”

Wazuh indexer and dashboard have been reworked to run the latest version of OpenSearch, Amazon’s open source search and analytics engine. Wazuh now integrates with OpenSearch 2.4.1 to provide a scalable and centralized solution for indexing and analyzing security events and logs collected by its endpoint agents.

Wazuh has also updated the SCA policies for Ubuntu Linux 20.04 and 22.04 because the existing version had some errors, the company said. As part of this task, it has used the Center for Internet Security guidelines for Ubuntu Linux 22.04 LTS systems.

“Previously, the SCA policy for Ubuntu 20.04 systems didn’t work as expected. In particular cases, the Wazuh agent didn’t report the actual system state correctly using the SCA policy file for this operating system. Wazuh would report some particular configuration test results as failed when they should have actually been reported as passed,” Bassett added.

Added support for Suse Linux

Wazuh 4.4 now supports vulnerability detection in the Suse Linux systems. This was previously available for select Linux systems and other operating systems including Windows, macOS, and FreeBSD.

The company has also added support for Azure integration on its Linux-based agents. This is done by modifying the package generation process to add Azure support on agents installed using Windows Packaging Project (WPK) packages, a distribution format for Windows applications.
Each new WPK package will contain all the updated binaries and source code, and the installer will update all files and binaries to support Azure integration.

“Previously, users needed to set up the Azure integration in the Wazuh server but now it’s possible to configure the very Linux agents to set up the Azure integration,” Bassett added.