Wazuh Announces Version 4.3

The Wazuh team announced a new major version, 4.3. The Proxmox home lab guide on my blog points to installing 4.2 and I wanted to make a note for new or returning readers about the new announcement.

Announcement Post

I'll start this post off by linking the original announcement post for anyone who'd like to read it from the vendor.

Introducing Wazuh 4.3.0 · Wazuh · The Open Source Security Platform
We are thrilled to announce that Wazuh 4.3.0 has been released, along with a new website and improved documentation. This is an important milestone for

What's Changed in 4.3?

New Wazuh Indexer and Wazuh Dashboard

With Wazuh 4.3.0, two new components have been added: the Wazuh indexer and the Wazuh dashboard. These components are based on OpenSearch, an open source search and analytics project derived from Elasticsearch and Kibana.

The Wazuh indexer is an OpenSearch distribution with additional tools that our team has developed to assist with the installation and configuration of the search engine.

The Wazuh dashboard, which is the web user interface for the Wazuh platform, is a customized OpenSearch Dashboards distribution that includes the Wazuh plugin.

This is by far the biggest change here. They've forked OpenSearch's version of Kibana and Elasticsearch, added some additional functionality, and overhauled the data indexing and web front-end.

What about users on Wazuh 4.2 with OpenDistro Elastic stacks?

Fortunately, they advise that their latest Wazuh Kibana plugin will continue to support OpenDistro Elastic stacks.

Open Distro: The Wazuh Kibana plugin provides support for the latest version of Open Distro, which at this moment is version 1.13.2

As long as your Elastic stack falls at or under version 1.13.2, upgrades to the Wazuh manager and the Wazuh plugin should be supported.

Can I migrate to Wazuh Indexer and Wazuh Dashboard?

There is a migration guide here: Migration guide · Wazuh documentation. It details moving from Open Distro Elasticsearch and Kibana. I have not gone through the steps laid out here yet, but will take some notes and share them on my blog when I do.

Additional Updates

  • Vulnerability detection improvements
  • New integrations with Office 365 and GitHub
  • MITRE ATT&CK intelligence
  • Improvements for macOS agents
  • Release notes
  • Changelog

Wazuh Home Lab Guide

If you've followed along with my Proxmox home lab guide, you'll know that I've got a section on setting up a Suricata and Zeek NIDS and Wazuh SIEM. That guide was written a while back and still points to Wazuh 4.2.

Adding a Comprehensive Wazuh SIEM and Network Intrusion Detection System (NIDS) to the Lab
In this module, we will take a look at the process of setting up a comprehensive Wazuh SIEM, including a NIDS and some HIDS agents.

I am currently researching the upgrade process from 4.2 to 4.3. If you're using Proxmox, it's imperative that you use snapshots before and after the upgrade.

  • Once before the upgrade for rollbacks
  • Once after the upgrade as a baseline while testing the new setup

As soon as I know more about the upgrade process and any pertinent details, I'll be sure to follow up with an upgrade strategy.
