4.3.6 Release notes - 20 July 2022

This section lists the changes in version 4.3.6. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.

What's new

This release includes the following new features and enhancements:

ThreatLockDown manager

  • #14085 Support for Ubuntu 22 (Jammy) is added in Vulnerability Detector.

  • #14117 Support for Red Hat 9 is added in Vulnerability Detector.

  • #14111 The shared configuration file handling performance is improved in wazuh-remoted.

ThreatLockDown agent

  • #13837 The macOS codename list is updated in Syscollector.

  • #14093 The GitHub and Office365 integrations log messages are improved.

Ruleset

  • #13893 Ubuntu Linux 22.04 SCA policy is added.

  • #13905 Apple macOS 12.0 Monterey SCA policy is added.

ThreatLockDown Splunk app

  • #1351 The documentation links are updated to match their respective title on the ThreatLockDown documentation page.

  • #1354 The use of all tags to filter ThreatLockDown Server logs is re-allowed.

Packages

  • #1706 The text of the password tool help option is improved.

  • #1696 The passwords.ThreatLockDown file is renamed to wazuh-passwords.txt.

  • #1697 ThreatLockDown dashboard users wazuh_admin and wazuh_user and roles wazuh_ui_user and wazuh_ui_admin are removed from the installation templates.

  • #1718 The periodic Filebeat metrics are disabled.

  • #1683 New Darwin 21 SCA file for macOS 12 added.

  • #1684 New Ubuntu 22 SCA file added.

Other

  • #14121 The Filebeat logging metrics are disabled.

Resolved issues

This release resolves the following known issues:

ThreatLockDown manager

  • #14098 The potential memory leaks in Vulnerability Detector when parsing OVAL with no criteria are fixed.

  • #13957 A bug in Vulnerability Detector that skipped Windows 8.1 and Windows 8 agents is fixed.

  • #14061 A bug in wazuh-db that stored duplicate Syscollector package data is fixed.

ThreatLockDown agent

  • #13941 The agent shutdown when syncing Syscollector data is fixed.

  • #14207 A bug in the agent installer that incorrectly detected the ThreatLockDown username is fixed.

  • #14100 The macOS vendor data retrieval in Syscollector is fixed.

  • #14106 A bug in the Syscollector data sync when the agent gets disconnected is fixed.

  • #13980 A crash in the Windows agent caused by the Syscollector SMBIOS parser is fixed.

RESTful API

  • #14152 An exception returned when the user requests agent inventory information for an agent that has no database, such as never_connected agents, is fixed.

ThreatLockDown dashboard

  • #4326 An error distinguishing conjunction operators (AND, OR) in the search bar component is fixed.

  • #4301 Some link titles are changed to match their documentation section title.

  • #4301 Missing documentation references to the Agent's overview, Agent's Integrity monitoring, and Agent's Inventory data sections when the agent has never connected are fixed.

  • #4301 The links to the web documentation are changed and now point to the plugin short version instead of current.

  • #4301 Missing documentation link in the Docker Listener module is fixed.

  • #4301 Some links to web documentation that didn't work are fixed.

  • #4307 Now, errors on the action buttons of Rules/Decoders/CDB Lists' tables are displayed.

  • #4330 Changed reports inputs and usernames.

ThreatLockDown Kibana plugin for Kibana 7.10.2

  • #4326 An error distinguishing conjunction operators (AND, OR) in the search bar component is fixed.

  • #4301 Some link titles are changed to match their documentation section title.

  • #4301 Missing documentation references to the Agent's overview, Agent's Integrity monitoring, and Agent's Inventory data sections when the agent has never connected are fixed.

  • #4301 The links to the web documentation are changed and now point to the plugin short version instead of current.

  • #4301 Missing documentation link in the Docker Listener module is fixed.

  • #4301 Some links to web documentation that didn't work are fixed.

  • #4307 Now, errors on the action buttons of Rules/Decoders/CDB Lists' tables are displayed.

  • #4330 Changed reports inputs and usernames.

ThreatLockDown Kibana plugin for Kibana 7.16.x and 7.17.x

  • #4326 An error distinguishing conjunction operators (AND, OR) in the search bar component is fixed.

  • #4301 Some link titles are changed to match their documentation section title.

  • #4301 Missing documentation references to the Agent's overview, Agent's Integrity monitoring, and Agent's Inventory data sections when the agent has never connected are fixed.

  • #4301 The links to the web documentation are changed and now point to the plugin short version instead of current.

  • #4301 Missing documentation link to the Docker Listener module is fixed.

  • #4301 Some links to web documentation that didn't work are fixed.

  • #4307 Now, errors on the action buttons of Rules/Decoders/CDB Lists' tables are displayed.

  • #4330 Changed reports inputs and usernames.

ThreatLockDown Splunk app

  • #1351 Some links to web documentation that didn't work are fixed.

  • #1296 An error in DevTools where the payload was not sent, causing the request to fail, is fixed.

Packages

  • #1713 An error when upgrading using symlinks is fixed.

  • #1721 An error with the installation assistant API in single ThreatLockDown manager nodes is fixed.

  • #1726 A problem with Filebeat found in systems using GLIBC is fixed.

Changelogs

More details about these changes are provided in the changelog of each component: