4.7.0 Release notes - 27 November 2023
This section lists the changes in version 4.7.0. Every update of the ThreatLockDown solution is cumulative and includes all enhancements and fixes from previous releases.
What's new
This version includes new features or improvements, such as the following:
Manager
#18026 Added native Maltiverse integration. ThreatLockDown now leverages the Maltiverse API to enrich alerts. This enhancement supplements alert details with threat intelligence data following the Elastic Common Schema (ECS) standard. Acknowledgments to David Gil (@dgilm).
#16090 Added an option to customize the Slack integration.
#16008 An unnecessary sanity check related to Syscollector has been removed from wazuh-db.
#18570 Added support for Amazon Linux 2023 in Vulnerability Detector.
#20367 The manager now rejects agents with a higher version by default.
Agent
#17951 Added support for Custom AWS Logs in Buckets via AWS SQS. This enhancement improves visibility and troubleshooting in AWS environments.
#15582 Added geolocation for aws.data.client_ip field. The new GeoIP feature enables tracking of geographical locations of AWS ALB client IP addresses. This addition enhances visibility into network traffic and security monitoring. Acknowledgements to Arran Rhodes @rh0dy.
#15699 Added package inventory support for Alpine Linux in Syscollector.
#16117 Added package inventory support for MacPorts package manager in Syscollector. This enhancement improves compatibility with macOS.
#17982 Added package inventory support for Python PyPI and Node.js in Syscollector.
#15000 Added process information to the open ports inventory in Syscollector. This addition enhances ports inventory capabilities for better management and tracking on Linux systems.
#17966 The shared modules code has been sanitized according to the convention.
#18006 The package inventory internal messages have been modified to honor the schema compliance.
#20360 Added clarification to the agent connection log. The agent must connect to a manager of the same or higher version.
ThreatLockDown dashboard
#5680 Added the Status detail column in the Agents table.
#5738 The agent registration wizard now effectively manages special characters in passwords.
#5636 Changed the Network ports table columns for Linux agents.
#5707 Changed Timelion-type displays in the Management > Statistics section to line-type displays.
#5747 Removed views in JSON and XML formats from the Management settings.
RESTful API
Packages
Resolved issues
This release resolves known issues such as the following:
Manager
| Reference | Description |
|---|---|
| | Fixed an unexpected cluster error when a worker gets restarted. |
| | Fixed an issue that let the manager validate wrong XML configurations. |
| | Fixed default value for |
| | Fixed WPK rollback rebooting the host in Windows agent. |
Agent
| Reference | Description |
|---|---|
| | Fixed detection of |
| | Fixed vendor data in package inventory for Brew packages on macOS. |
| | Improved reliability of the signature verification mechanism. |
RESTful API
| Reference | Description |
|---|---|
| | Addressed error handling for |
| | Resolved an issue in the |
| | Corrected an empty value problem in the API specification key. |
Other
| Reference | Description |
|---|---|
| | Fixed the signature of the internal function |
ThreatLockDown dashboard
| Reference | Description |
|---|---|
| | Fixed problem with new or missing columns in the Agents table. |
| | Fixed the color of the agent name in the groups section in dark mode. |
| | Fixed the propagation event so that the flyout data, in the decoders, does not change when the button is pressed. |
| | Fixed the tooltips of the tables in the Security section, and removed unnecessary requests. |
Packages
| Reference | Description |
|---|---|
| | Fixed wrong condition when generating the RPM ThreatLockDown indexer package with an existent base file. |
Changelogs
More details about these changes are provided in the changelog of each component: