================================================================================
WAZUH MCP SERVER - RELEASE NOTES v2.0.0
Release Date: June 24, 2024
Codename: "Indexer Integration"
Compatibility: Wazuh 4.8.0+ (REQUIRED)
================================================================================
MAJOR VERSION UPDATE - BREAKING CHANGES
This is a MAJOR VERSION RELEASE with significant breaking changes and new
features. Primary focus: Wazuh 4.8.0+ compatibility with new Indexer API.
BREAKING CHANGES:
- Minimum Wazuh Version: NOW REQUIRES Wazuh 4.8.0 or later
- Python Version: Minimum Python 3.8+ (tested up to 3.13)
- API Access: Requires BOTH Wazuh Server API (port 55000) AND Indexer API (port 9200)
- Configuration: New indexer-specific parameters required
- Environment: Updated .env variables needed
================================================================================
NEW FEATURES
-
WAZUH 4.8.0+ INDEXER API SUPPORT
- Native Indexer Integration with OpenSearch/Elasticsearch
- Dual API Architecture with intelligent routing
- Automatic version detection and API selection
- Limited backward compatibility for Wazuh 4.7.x
-
SMART API CLIENT MANAGER
- WazuhClientManager: Unified client for both APIs
- Intelligent routing: alerts/vulnerabilities to Indexer API for 4.8.0+
- Fallback mechanisms when APIs are unavailable
- Comprehensive health monitoring for both APIs
-
ADVANCED FIELD MAPPING SYSTEM
- WazuhFieldMapper: Production-grade field mapping
- Schema translation: timestamp <-> @timestamp
- Index pattern management for Wazuh 4.8.0+ indices
- Data validation and error detection
-
PRODUCTION-GRADE ERROR HANDLING
- Circuit Breaker Pattern with configurable thresholds
- Exponential backoff retry logic with jitter
- Error classification for different failure types
- Detailed error metrics and monitoring
-
ENHANCED SECURITY FEATURES
- Strong password validation (8+ chars, complexity)
- SSL/TLS hardening with certificate validation
- Improved authentication and credential management
- Security audit logging
-
ENVIRONMENT CONFIGURATION OVERHAUL
- Native .env support with python-dotenv
- Cross-platform compatibility (Windows/Linux/macOS)
- Comprehensive configuration validation
- Production-ready deployment configuration
================================================================================
TECHNICAL IMPROVEMENTS
API ENHANCEMENTS:
- New WazuhIndexerClient for OpenSearch/Elasticsearch
- Optimized queries for better performance
- Response transformation for API compatibility
- Built-in rate limiting and throttling
DATA PROCESSING:
- Enhanced alert processing for Indexer API format
- Native vulnerability data handling from Indexer
- Improved timestamp handling and time-based queries
- Support for complex aggregations and analytics
TESTING & QUALITY:
- Comprehensive test suite with 20+ scenarios
- Production stability validation
- Full API compatibility testing
- Extensive error handling validation
================================================================================
NEW DOCUMENTATION
- WAZUH_4_8_MIGRATION.md: Complete migration guide
- PRODUCTION_DEPLOYMENT_CHECKLIST.md: Production deployment guide
- STABILITY_TEST_REPORT.md: Comprehensive test results
- Updated .env.example with all configuration options
- Enhanced setup scripts for cross-platform installation
================================================================================
MIGRATION FROM v1.x TO v2.0.0
REQUIRED STEPS:
- Upgrade Wazuh to 4.8.0 or later
- Update configuration: Add Indexer API settings to .env
- Install dependencies: pip install -r requirements.txt
- Validate setup using migration scripts
- Test connection to both Server and Indexer APIs
See WAZUH_4_8_MIGRATION.md for detailed instructions.
================================================================================
PERFORMANCE IMPROVEMENTS
- 50% faster queries with optimized Indexer API
- Reduced memory usage with efficient data processing
- Better error recovery and faster API failure recovery
- Improved responsiveness for concurrent requests
================================================================================
SECURITY ENHANCEMENTS
- Enhanced password policy: minimum 8 characters with complexity
- SSL/TLS enforcement with production-grade validation
- Improved credential validation and authentication errors
- Security event logging and audit trail
================================================================================
BUG FIXES
- Fixed SSL certificate validation warnings
- Resolved connection timeout handling issues
- Fixed field mapping inconsistencies between APIs
- Corrected error propagation in failure scenarios
- Improved resource cleanup and memory management
================================================================================
DEPENDENCIES
NEW DEPENDENCIES:
- python-dotenv>=1.0.0 (Environment variable management)
- packaging>=21.0 (Version comparison utilities)
UPDATED DEPENDENCIES:
- aiohttp>=3.9.0 (HTTP client with security improvements)
- pydantic>=2.0.0 (Enhanced data validation)
- urllib3>=2.0.0 (Security patches)
================================================================================
TESTING RESULTS
CORE FUNCTIONALITY TESTS: 7/7 PASSED
- Version Information: PASSED
- Configuration Module: PASSED
- Field Mappings: PASSED
- Error Handler: PASSED
- Version Comparison Logic: PASSED
- Security Validations: PASSED
- Production Requirements: PASSED
Edge Case Coverage: Comprehensive error scenario testing
Production Stability: Load testing and stability validation
Security Testing: Authentication and authorization validation
================================================================================
COMPATIBILITY MATRIX
Wazuh Version | Support Level | API Strategy | Recommendation
4.8.0+ | Full Support | Indexer API Primary | RECOMMENDED
4.7.x | Limited Support | Server API Fallback | Upgrade to 4.8.0+
< 4.7.0 | Not Supported | N/A | UNSUPPORTED
================================================================================
QUICK START FOR v2.0.0
- Ensure Wazuh 4.8.0+ is running
- Clone repository:
git clone https://github.com/gensecaihq/Wazuh-MCP-Server.git
cd Wazuh-MCP-Server - Install dependencies:
pip install -r requirements.txt - Configure environment:
cp .env.example .envEdit .env with your Wazuh 4.8.0+ credentials
- Test connection:
python scripts/test_connection.py - Run server:
python src/wazuh_mcp_server.py
================================================================================
METRICS
- Lines of Code: ~2,500 (50% increase from v1.x)
- Test Coverage: 85%+ on critical paths
- Documentation: 8 comprehensive guides
- API Endpoints: Full Wazuh 4.8.0+ API coverage
================================================================================
SUPPORT
Documentation: See /docs directory
Migration Help: WAZUH_4_8_MIGRATION.md
Issues: GitHub Issues (https://github.com/gensecaihq/Wazuh-MCP-Server/issues)
Security: Report security issues privately
================================================================================
ACKNOWLEDGMENTS
- Wazuh team for excellent 4.8.0 API improvements
- Community contributors for feedback and testing
- Security researchers for vulnerability reports
================================================================================
Welcome to the future of AI-powered security operations with Wazuh 4.8.0+!
This release represents a significant step forward in integrating modern SIEM
capabilities with conversational AI, providing security teams with unprecedented
efficiency and insight into their security posture.
