Merge 4.8.2 into master

CHANGELOG.md

@@ -26,6 +26,7 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Added reference to AWS Cloudtrail policies in Monitoring AWS infrastructure PoC guide. ([#6785](https://github.com/wazuh/wazuh-documentation/pull/6785))
+- Added ``procps`` as Wazuh manager and Wazuh agent source install dependency ([#7003](https://github.com/wazuh/wazuh-documentation/pull/7003))
 
 ### Changed
 
@@ -40,6 +41,7 @@ All notable changes to this project will be documented in this file.
 - Added Wazuh v4.8.0 release notes. ([#6550](https://github.com/wazuh/wazuh-documentation/pull/6550))
 - Added the ``update_check`` configuration option. ([#6673](https://github.com/wazuh/wazuh-documentation/pull/6673))
 - Added the Filebeat deployment into Wazuh manager worker nodes for distributed deployments with Puppet. ([#6872](https://github.com/wazuh/wazuh-documentation/pull/6872))
+- Added keystore management tool section. ([#7000](https://github.com/wazuh/wazuh-documentation/pull/7000))
 
 ### Changed
 
@@ -58,6 +60,8 @@ All notable changes to this project will be documented in this file.
 - Updated the vulnerability detection (VD) sections following the VD module refactor. ([#6792](https://github.com/wazuh/wazuh-documentation/pull/6792))
 - Updated screenshot and module reference from **Security events** to **Threat Hunting** in Amazon Security Lake section. ([#6956](https://github.com/wazuh/wazuh-documentation/pull/6956))
 - Improved steps in the Google Cloud Platform prerequisites section. ([#6964](https://github.com/wazuh/wazuh-documentation/pull/6964))
+- Updated Azure Diagnostics images. ([#6987](https://github.com/wazuh/wazuh-documentation/pull/6987))
+- Updated Azure Log Analytics images. ([#7002](https://github.com/wazuh/wazuh-documentation/pull/7002))
 
 ### Fixed
 
@@ -130,12 +134,12 @@ All notable changes to this project will be documented in this file.
 ### Added
 
 - Added integration for the Microsoft Graph API. ([#6317](https://github.com/wazuh/wazuh-documentation/pull/6317))
-- Added support for Debian Bookworm in Vulnerability Detector. ([#6338](https://github.com/wazuh/wazuh-documentation/pull/6368))   
+- Added support for Debian Bookworm in Vulnerability Detector. ([#6338](https://github.com/wazuh/wazuh-documentation/pull/6368))
 - Added `<allow_higher_versions>` to 'remote' and 'auth' sections. ([#6333](https://github.com/wazuh/wazuh-documentation/pull/6333))
 - Added agent version filter option. ([#6312](https://github.com/wazuh/wazuh-documentation/pull/6312))
 - Added events webhook docs. ([#6151](https://github.com/wazuh/wazuh-documentation/pull/6151))
 - Added documentation to include user `.aws/config` file as default config. ([#6005](https://github.com/wazuh/wazuh-documentation/pull/6005))
-- Added the FIM wildcard Windows registers documentation. ([#5932](https://github.com/wazuh/wazuh-documentation/pull/5932)) 
+- Added the FIM wildcard Windows registers documentation. ([#5932](https://github.com/wazuh/wazuh-documentation/pull/5932))
 - Support AlmaLinux in Vulnerability Detector. ([#5904](https://github.com/wazuh/wazuh-documentation/pull/5904))
 - wazuh-authd can now generate X509 certificates. ([#5461](https://github.com/wazuh/wazuh-documentation/pull/5461))
 - Added a note in the Microsoft Graph documentation stating that multi-tenant is not supported. ([#6505](https://github.com/wazuh/wazuh-documentation/pull/6505))

source/cloud-security/azure/activity-services/services/storage.rst

@@ -46,8 +46,8 @@ Configuring the Activity log export
 
 #. Configure the following settings and click **Save**.
 
-   -  Tick **AuditLogs** checkbox.
-   -  Tick the **Archive to storage account** checkbox.
+   -  Tick **Administrative** checkbox.
+   -  Tick the **Archive to a storage account** checkbox.
    -  Select your **Subscription**.
    -  Select your **Storage account**.
 

source/compliance/hipaa/vulnerability-detection.rst

@@ -37,8 +37,6 @@ In this use case, you configure Wazuh to detect vulnerabilities on a Debian endp
         <hosts>
           <host>https://0.0.0.0:9200</host>
         </hosts>
-        <username>admin</username>
-        <password>admin</password>
         <ssl>
           <certificate_authorities>
             <ca>/etc/filebeat/certs/root-ca.pem</ca>

source/compliance/nist/vulnerability-detection.rst

@@ -68,8 +68,6 @@ Wazuh server
         <hosts>
           <host>https://0.0.0.0:9200</host>
         </hosts>
-        <username>admin</username>
-        <password>admin</password>
         <ssl>
           <certificate_authorities>
             <ca>/etc/filebeat/certs/root-ca.pem</ca>

source/compliance/pci-dss/vulnerability-detection.rst

@@ -52,8 +52,6 @@ Below are some PCI DSS requirements use cases that can be met with the vulnerabi
           <hosts>
             <host>https://0.0.0.0:9200</host>
           </hosts>
-          <username>admin</username>
-          <password>admin</password>
           <ssl>
             <certificate_authorities>
               <ca>/etc/filebeat/certs/root-ca.pem</ca>

source/compliance/tsc/common-criteria/cc7.1.rst

@@ -35,8 +35,6 @@ In this use case, you can see how the Wazuh Vulnerability Detection module detec
         <hosts>
           <host>https://0.0.0.0:9200</host>
         </hosts>
-        <username>admin</username>
-        <password>admin</password>
         <ssl>
           <certificate_authorities>
             <ca>/etc/filebeat/certs/root-ca.pem</ca>

source/deployment-options/offline-installation/step-by-step.rst

@@ -158,6 +158,14 @@ Installing the Wazuh manager
 
     .. include:: /_templates/installations/wazuh/common/check_wazuh_manager.rst    
 
+#. Save the Wazuh indexer username and password into the Wazuh manager keystore using the wazuh-keystore tool: 
+
+   .. code-block:: console
+
+       # /var/ossec/bin/wazuh-keystore -f indexer -k username -v <INDEXER_USERNAME>
+       # /var/ossec/bin/wazuh-keystore -f indexer -k password -v <INDEXER_PASSWORD>   
+
+   .. note:: The default offline-installation credentials are ``admin``:``admin``
 
 Installing Filebeat
 ~~~~~~~~~~~~~~~~~~~

source/deployment-options/wazuh-from-sources/wazuh-agent/index.rst

@@ -33,7 +33,7 @@ The Wazuh agent is a single and lightweight monitoring software. It is a multi-p
                             .. code-block:: console
 
                                 # yum update -y
-                                # yum install make gcc gcc-c++ policycoreutils-python automake autoconf libtool centos-release-scl openssl-devel wget bzip2 -y
+                                # yum install make gcc gcc-c++ policycoreutils-python automake autoconf libtool centos-release-scl openssl-devel wget bzip2 procps -y
                                 # curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz  && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /bin/g++ /usr/bin/c++ && ln -fs /bin/gcc /usr/bin/cc && cd .. && rm -rf gcc-*
 
                             CMake 3.18 installation
@@ -49,7 +49,7 @@ The Wazuh agent is a single and lightweight monitoring software. It is a multi-p
 
                             .. code-block:: console
 
-                                # yum install make gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel cmake
+                                # yum install make gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel cmake procps -y
                                 # yum-config-manager --enable powertools
                                 # yum install libstdc++-static -y
 
@@ -65,7 +65,7 @@ The Wazuh agent is a single and lightweight monitoring software. It is a multi-p
 
                     .. code-block:: console
 
-                        # apt-get install python gcc g++ make libc6-dev curl policycoreutils automake autoconf libtool libssl-dev
+                        # apt-get install python gcc g++ make libc6-dev curl policycoreutils automake autoconf libtool libssl-dev procps
 
                     CMake 3.18 installation
 

source/deployment-options/wazuh-from-sources/wazuh-server/index.rst

@@ -24,7 +24,7 @@ Installing dependencies
                 .. code-block:: console
 
                     # yum update -y
-                    # yum install make gcc gcc-c++ policycoreutils-python automake autoconf libtool centos-release-scl openssl-devel wget bzip2 devtoolset-7 -y
+                    # yum install make gcc gcc-c++ policycoreutils-python automake autoconf libtool centos-release-scl openssl-devel wget bzip2 devtoolset-7 procps -y
                     # curl -OL http://packages.wazuh.com/utils/gcc/gcc-9.4.0.tar.gz && tar xzf gcc-9.4.0.tar.gz  && cd gcc-9.4.0/ && ./contrib/download_prerequisites && ./configure --enable-languages=c,c++ --prefix=/usr --disable-multilib --disable-libsanitizer && make -j$(nproc) && make install && ln -fs /usr/bin/g++ /bin/c++ && ln -fs /usr/bin/gcc /bin/cc && cd .. && rm -rf gcc-* && scl enable devtoolset-7 bash
 
                 CMake 3.18 installation.
@@ -38,7 +38,7 @@ Installing dependencies
 
                 .. code-block:: console
 
-                    # yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils
+                    # yum install make cmake gcc gcc-c++ python3 python3-policycoreutils automake autoconf libtool openssl-devel yum-utils procps -y
                     # yum-config-manager --enable powertools
                     # yum install libstdc++-static -y
 
@@ -55,7 +55,7 @@ Installing dependencies
         .. code-block:: console
 
             # apt-get update
-            # apt-get install python gcc g++ make libc6-dev curl policycoreutils automake autoconf libtool libssl-dev
+            # apt-get install python gcc g++ make libc6-dev curl policycoreutils automake autoconf libtool libssl-dev procps
 
         CMake 3.18 installation
 

source/installation-guide/wazuh-server/step-by-step.rst

@@ -77,7 +77,14 @@ Installing the Wazuh manager
 
       .. include:: /_templates/installations/wazuh/common/check_wazuh_manager.rst
 
+  #. Save the Wazuh indexer username and password into the Wazuh manager keystore using the wazuh-keystore tool: 
 
+    .. code-block:: console
+
+       # /var/ossec/bin/wazuh-keystore -f indexer -k username -v <INDEXER_USERNAME>
+       # /var/ossec/bin/wazuh-keystore -f indexer -k password -v <INDEXER_PASSWORD>   
+
+    .. note:: The default step-by-step installation credentials are ``admin``:``admin``
 
 .. _wazuh_server_multi_node_filebeat:
 

source/proof-of-concept-guide/poc-vulnerability-detection.rst

@@ -44,8 +44,6 @@ The Vulnerability Detection module is enabled by default. You can perform the fo
          <hosts>
             <host>https://0.0.0.0:9200</host>
          </hosts>
-         <username>admin</username>
-         <password>admin</password>
          <ssl>
             <certificate_authorities>
             <ca>/etc/filebeat/certs/root-ca.pem</ca>

source/release-notes/release-4-8-0.rst

@@ -24,6 +24,7 @@ Manager
 - `#19819 <https://github.com/wazuh/wazuh/pull/19819>`__ Replaced Filebeat date index name processor to ensure the indices are identifiable by the index alias for auto-rollover.
 - `#18466 <https://github.com/wazuh/wazuh/pull/18466>`__ Updated API and framework packages installation commands to use ``pip`` instead of direct invocation of ``setuptools``.
 - `#17015 <https://github.com/wazuh/wazuh/pull/17015>`__ Refactored how cluster status dates are treated in the cluster.
+- `#21602 <https://github.com/wazuh/wazuh/pull/21602>`__ The log message about file rotation and signature from wazuh-monitord has been updated.
 
 Agent
 ^^^^^
@@ -36,13 +37,16 @@ Agent
 - `#16200 <https://github.com/wazuh/wazuh/pull/16200>`__ FIM now buffers the Linux audit events for who-data to prevent side effects in other components.
 - `#19720 <https://github.com/wazuh/wazuh/pull/19720>`__ The sub-process execution implementation has been improved.
 - `#20649 <https://github.com/wazuh/wazuh/pull/20649>`__ Added geolocation mapping for the AWS WAF events.
+- `#21530 <https://github.com/wazuh/wazuh/pull/21530>`__ Added a validation to reject unsupported regions when using the inspector service.
+- `#21561 <https://github.com/wazuh/wazuh/pull/21561>`__ Added additional information on some AWS integration errors.
 
 RESTful API
 ^^^^^^^^^^^
 
 - `#19952 <https://github.com/wazuh/wazuh/pull/19952>`__ Added new ``GET /manager/version/check`` API endpoint to obtain information about new releases of Wazuh.
 - `#20119 <https://github.com/wazuh/wazuh/pull/20119>`__ Removed ``PUT /vulnerability``, ``GET /vulnerability/{agent_id}``, ``GET /vulnerability/{agent_id}/last_scan`` and ``GET /vulnerability/{agent_id}/summary/{field}`` API endpoints as they were deprecated in version 4.7.0. Use the Wazuh indexer REST API instead.
 - `#20420 <https://github.com/wazuh/wazuh/pull/20420>`__ Added the ``auto`` option to the ``ssl_protocol`` setting in the API configuration. This option enables automatic negotiation of the TLS certificate.
+- `#21572 <https://github.com/wazuh/wazuh/pull/21572>`__ Removed the ``compilation_date`` field from ``GET /cluster/{node_id}/info`` and ``GET /manager/info`` endpoints.
 
 Ruleset
 ^^^^^^^
@@ -70,10 +74,13 @@ Other
 ^^^^^
 
 - `#20003 <https://github.com/wazuh/wazuh/pull/20003>`__ Upgraded external ``aiohttp`` library dependency version to ``3.8.5``.
-- `#20003 <https://github.com/wazuh/wazuh/pull/20003>`__ Upgraded external ``cryptography`` library dependency version to ``41.0.4``.
+- `#21055 <https://github.com/wazuh/wazuh/pull/21055>`__ Upgraded external ``cryptography`` library dependency version to ``41.0.7``.
 - `#20003 <https://github.com/wazuh/wazuh/pull/20003>`__ Upgraded external ``numpy`` library dependency version to ``1.26.0``.
 - `#20003 <https://github.com/wazuh/wazuh/pull/20003>`__ Upgraded external ``pyarrow`` library dependency version to ``14.0.1``.
 - `#20003 <https://github.com/wazuh/wazuh/pull/20003>`__ Upgraded external ``grpcio`` library dependency version to ``1.58.0``.
+- `#20630 <https://github.com/wazuh/wazuh/pull/20630>`__ Upgraded external ``urllib3`` library dependency version to ``1.26.18``.
+- `#20741 <https://github.com/wazuh/wazuh/pull/20741>`__ Upgraded external ``SQLAlchemy`` library dependency version to ``2.0.23``.
+- `#21684 <https://github.com/wazuh/wazuh/pull/21684>`__ Upgraded external ``Jinja2`` library dependency version to ``3.1.3``.
 - `#20003 <https://github.com/wazuh/wazuh/pull/20003>`__ Upgraded embedded Python version to ``3.10.13``.
 
 Wazuh dashboard
@@ -98,8 +105,9 @@ Wazuh dashboard
 - `#6361 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6361>`__ Removed ``WAZUH_REGISTRATION_SERVER`` variable from Windows agent deployment command.
 - `#6354 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6354>`__ Added a dash character and a tooltip element to **Run as** in the API configuration table to indicate it's been disabled.
 - `#6364 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6364>`__ Added tooltip element to **Most active agent** in **Details** in the **Endpoint summary** view and renamed a label element.
+- `#6379 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6379>`__ Changed overview home top KPIs.
 
-Packages 
+Packages
 ^^^^^^^^
 
 - `#2332 <https://github.com/wazuh/wazuh-packages/pull/2332>`_ Added check into the installation assistant to prevent the use of public IP addresses.
@@ -108,25 +116,33 @@ Packages
 - `#2365 <https://github.com/wazuh/wazuh-packages/pull/2365>`_ Removed the ``postProvision.sh`` script. It's no longer used in OVA generation.
 - `#2364 <https://github.com/wazuh/wazuh-packages/pull/2364>`_ Added ``curl`` error messages in downloads.
 - `#2469 <https://github.com/wazuh/wazuh-packages/pull/2469>`_ Improved debug output in the installation assistant.
-- `#2422 <https://github.com/wazuh/wazuh-packages/pull/2422>`_ Enabled ``localhost`` domain registration in the installation assistant and ``cert-tool``.
 - `#2300 <https://github.com/wazuh/wazuh-packages/pull/2300>`_ Added SCA policy for Rocky Linux 8 in SPECS.
 - `#2557 <https://github.com/wazuh/wazuh-packages/pull/2557>`_ Added SCA policy for Amazon Linux 2023 in SPECS.
 - `#2558 <https://github.com/wazuh/wazuh-packages/pull/2558>`_ Wazuh password tool now recognizes UI created users.
 - `#2562 <https://github.com/wazuh/wazuh-packages/pull/2562>`_ Bumped Wazuh indexer to OpenSearch 2.10.0.
 - `#2563 <https://github.com/wazuh/wazuh-packages/pull/2563>`_ Bumped Wazuh dashboard to OpenSearch Dashboards 2.10.0.
-- `#2577 <https://github.com/wazuh/wazuh-packages/pull/2577>`_ Addedd APT and YUM lock logic to the Wazuh instalaltion assistant.
+- `#2577 <https://github.com/wazuh/wazuh-packages/pull/2577>`_ Added APT and YUM lock logic to the Wazuh installation assistant.
 - `#2553 <https://github.com/wazuh/wazuh-packages/pull/2553>`_ Added new role to grant ISM API permissions.
 - `#2164 <https://github.com/wazuh/wazuh-packages/pull/2164>`_ Deprecated CentOS 6 and Debian 7 for the Wazuh manager compilation, while still supporting them in the Wazuh agent compilation.
 - `#2588 <https://github.com/wazuh/wazuh-packages/pull/2588>`_ Added logic to the installation assistant to check for clean Wazuh central components removal.
 - `#2615 <https://github.com/wazuh/wazuh-packages/pull/2615>`_ Added branding images to the header of Wazuh dashboard.
 - `#2696 <https://github.com/wazuh/wazuh-packages/pull/2696>`_ Updated Filebeat module version to 0.4 in Wazuh installation assistant.
 - `#2695 <https://github.com/wazuh/wazuh-packages/pull/2695>`_ Added content database in RPM and DEB packages.
 - `#2669 <https://github.com/wazuh/wazuh-packages/pull/2669>`_ Upgraded ``botocore`` dependency in WPK package Docker containers.
+- `#2738 <https://github.com/wazuh/wazuh-packages/pull/2738>`_ Added ``xz utils`` as requirement.
+- `#2777 <https://github.com/wazuh/wazuh-packages/pull/2777>`_ Added support for refactored vulnerability detector in the installation assistant.
+- `#2797 <https://github.com/wazuh/wazuh-packages/pull/2797>`_ The installation assistant now uses ``127.0.0.1`` instead of ``localhost`` in dashboard configuration.
+- `#2801 <https://github.com/wazuh/wazuh-packages/pull/2801>`_ Added check into the installation assistant to ensure ``sudo`` package is installed.
+- `#2792 <https://github.com/wazuh/wazuh-packages/pull/2792>`_ Improved certificates generation tool output.
+- `#2804 <https://github.com/wazuh/wazuh-packages/pull/2804>`_ Added keystore tool creation for manager packages.
+- `#2802 <https://github.com/wazuh/wazuh-packages/pull/2802>`_ Added wazuh-keystore in passwords tool.
+- `#2809 <https://github.com/wazuh/wazuh-packages/pull/2809>`_ Upgrade scripts to support building Wazuh with OpenSSL 3.0.
+
 
 Resolved issues
 ---------------
 
-This release resolves known issues as the following: 
+This release resolves known issues as the following:
 
 Wazuh manager
 ^^^^^^^^^^^^^
@@ -174,6 +190,8 @@ Reference                                                                    Des
 `#6345 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6345>`__       Fixed unnecessary scrolling in the vulnerability **Inventory** table.
 `#6342 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6342>`__       Fixed wrong **Queue Usage** values in **Server management** > **Statistics**.
 `#6352 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6352>`__       Fixed **Statistics** view errors when cluster mode is disabled.
+`#6374 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6374>`__       Fixed the help menu, to be consistent and avoid duplication.
+`#6378 <https://github.com/wazuh/wazuh-dashboard-plugins/pull/6378>`__       Fixed the axis label visual bug from dashboards.
 =========================================================================    =============
 
 Packages

source/user-manual/capabilities/vulnerability-detection/configuring-scans.rst

@@ -23,8 +23,6 @@ The following configuration block shows a configuration example for the Vulnerab
       <hosts>
          <host>https://0.0.0.0:9200</host>
       </hosts>
-      <username>admin</username>
-      <password>admin</password>
       <ssl>
          <certificate_authorities>
             <ca>/etc/filebeat/certs/root-ca.pem</ca>