Merge pull request #8100 from wazuh/merge-4.10-into-4.10.1

Merge 4.10 into 4.10.1
wazuh · Jan 10, 2025 · 5e85503 · 5e85503
2 parents a9dcaf5 + a8e468c
commit 5e85503
Show file tree

Hide file tree

Showing 10 changed files with 295 additions and 40 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,7 @@ All notable changes to this project will be documented in this file.
 - Added PowerPC package references back to the packages list. ([#7724](https://github.com/wazuh/wazuh-documentation/pull/7724))
 - Added dependencies to the dependency requirements in the Offline installation guide using the installation assistant. ([#7931](https://github.com/wazuh/wazuh-documentation/pull/7931))
 - Added ``wazuh.updates.disabled`` to the *Wazuh dashboard settings* reference document. ([#7977](https://github.com/wazuh/wazuh-documentation/pull/7977))
+- Added a troubleshooting guide to the Vulnerability detection capability section. ([#8014](https://github.com/wazuh/wazuh-documentation/pull/8014))
 
 ### Changed
 

diff --git a/source/_static/js/redirects.js b/source/_static/js/redirects.js
@@ -71,7 +71,10 @@ removedUrls['x.y'] = [
 newUrls['4.10'] = [
   '/release-notes/release-4-10-0.html',
   '/release-notes/release-4-10-1.html',
-  '/user-manual/reference/ossec-conf/anti-tampering.html'
+  '/user-manual/reference/ossec-conf/anti-tampering.html',
+  '/user-manual/capabilities/vulnerability-detection/troubleshooting.html',
+  '/user-manual/capabilities/vulnerability-detection/FAQ.html',
+  '/user-manual/capabilities/vulnerability-detection/known-issues.html',
 ]
 
 /* *** RELEASE 4.9 ****/

diff --git a/source/installation-guide/wazuh-dashboard/step-by-step.rst b/source/installation-guide/wazuh-dashboard/step-by-step.rst
@@ -1,7 +1,7 @@
 .. Copyright (C) 2015, Wazuh, Inc.
 
 .. meta::
-   :description: Learn how to install Wazuh dashboard, a flexible and intuitive web interface for mining and visualizing the events and archives. 
+   :description: Learn how to install Wazuh dashboard, a flexible and intuitive web interface for mining and visualizing the events and archives.
 
 .. _wazuh_dashboard_step_by_step:
 
@@ -27,21 +27,21 @@ Adding the Wazuh repository
     If you are installing the Wazuh dashboard on the same host as the Wazuh indexer or the Wazuh server, you may skip these steps as you may have added the Wazuh repository already.
 
   .. tabs::
-  
+
     .. group-tab:: Yum
-  
-  
+
+
       .. include:: /_templates/installations/common/yum/add-repository.rst
-  
-  
-  
+
+
+
     .. group-tab:: APT
-  
-  
+
+
       .. include:: /_templates/installations/common/deb/add-repository.rst
-  
-  
-  
+
+
+
 
 Installing the Wazuh dashboard
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -59,7 +59,7 @@ Installing the Wazuh dashboard
       .. group-tab:: APT
 
          .. code-block:: console
-              
+
             # apt-get -y install wazuh-dashboard|WAZUH_DASHBOARD_DEB_PKG_INSTALL|
 
 Configuring the Wazuh dashboard
@@ -99,10 +99,10 @@ Starting the Wazuh dashboard service
       .. include:: /_templates/installations/dashboard/enable_dashboard.rst
 
   #. Edit the ``/usr/share/wazuh-dashboard/data/wazuh/config/wazuh.yml`` file and replace the ``url`` value with the IP address or hostname of the Wazuh server master node.
-   
+
       .. code-block:: yaml
          :emphasize-lines: 3
-      
+
          hosts:
             - default:
                url: https://<WAZUH_SERVER_IP_ADDRESS>
@@ -118,14 +118,14 @@ Starting the Wazuh dashboard service
       - **Username**: *admin*
       - **Password**: *admin*
 
-    When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem``  file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured. 
+    When you access the Wazuh dashboard for the first time, the browser shows a warning message stating that the certificate was not issued by a trusted authority. An exception can be added in the advanced options of the web browser. For increased security, the ``root-ca.pem``  file previously generated can be imported to the certificate manager of the browser. Alternatively, a certificate from a trusted authority can be configured.
 
 
 Securing your Wazuh installation
 --------------------------------
 
 
-You have now installed and configured all the Wazuh central components. We recommend changing the default credentials to protect your infrastructure from possible attacks. 
+You have now installed and configured all the Wazuh central components. We recommend changing the default credentials to protect your infrastructure from possible attacks.
 
 Select your deployment type and follow the instructions to change the default passwords for both the Wazuh API and the Wazuh indexer users.
 
@@ -135,14 +135,14 @@ Select your deployment type and follow the instructions to change the default pa
    .. group-tab:: All-in-one deployment
 
       #. Use the Wazuh passwords tool to change all the internal users' passwords.
-      
+
          .. code-block:: console
-         
+
             # /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --api --change-all --admin-user wazuh --admin-password wazuh
-         
+
          .. code-block:: console
             :class: output
-       
+
             INFO: The password for user admin is yWOzmNA.?Aoc+rQfDBcF71KZp?1xd7IO
             INFO: The password for user kibanaserver is nUa+66zY.eDF*2rRl5GKdgLxvgYQA+wo
             INFO: The password for user kibanaro is 0jHq.4i*VAgclnqFiXvZ5gtQq1D5LCcL
@@ -153,16 +153,16 @@ Select your deployment type and follow the instructions to change the default pa
             INFO: The password for Wazuh API user wazuh is JYWz5Zdb3Yq+uOzOPyUU4oat0n60VmWI
             INFO: The password for Wazuh API user wazuh-wui is +fLddaCiZePxh24*?jC0nyNmgMGCKE+2
             INFO: Updated wazuh-wui user password in wazuh dashboard. Remember to restart the service.
-       
-    
+
+
    .. group-tab:: Distributed deployment
 
-      #. On `any Wazuh indexer node`, use the Wazuh passwords tool to change the passwords of the Wazuh indexer users. 
+      #. On `any Wazuh indexer node`, use the Wazuh passwords tool to change the passwords of the Wazuh indexer users.
 
          .. code-block:: console
-  
+
             # /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh --change-all
-  
+
          .. code-block:: console
             :class: output
 
@@ -178,18 +178,18 @@ Select your deployment type and follow the instructions to change the default pa
       #. On your `Wazuh server master node`, download the Wazuh passwords tool and use it to change the passwords of the Wazuh API users.
 
          .. code-block:: console
-  
+
             # curl -sO https://packages.wazuh.com/|WAZUH_CURRENT_MINOR|/wazuh-passwords-tool.sh
             # bash wazuh-passwords-tool.sh --api --change-all --admin-user wazuh --admin-password wazuh
-  
+
          .. code-block:: console
             :class: output
 
             INFO: The password for Wazuh API user wazuh is ivLOfmj7.jL6*7Ev?UJoFjrkGy9t6Je.
             INFO: The password for Wazuh API user wazuh-wui is fL+f?sFRPEv5pYRE559rqy9b6G4Z5pVi
 
       #. On `all your Wazuh server nodes`, run the following command to update the `admin` password in the Filebeat keystore. Replace ``<ADMIN_PASSWORD>`` with the random password generated in the first step.
-      
+
          .. code-block:: console
 
             # echo <ADMIN_PASSWORD> | filebeat keystore add password --stdin --force
@@ -199,7 +199,7 @@ Select your deployment type and follow the instructions to change the default pa
          .. include:: /_templates/common/restart_filebeat.rst
 
          .. note:: Repeat steps 3 and 4 on `every Wazuh server node`.
-       
+
       #. On your `Wazuh dashboard node`, run the following command to update the `kibanaserver` password in the Wazuh dashboard keystore. Replace ``<KIBANASERVER_PASSWORD>`` with the random password generated in the first step.
 
          .. code-block:: console
@@ -210,7 +210,7 @@ Select your deployment type and follow the instructions to change the default pa
 
          .. code-block:: yaml
             :emphasize-lines: 6
-           
+
             hosts:
               - default:
                   url: https://127.0.0.1
@@ -249,7 +249,7 @@ All the Wazuh central components are successfully installed and secured.
 
       </a>
     </div>
-  
+
     <div class="link-boxes-item past-step">
       <a class="link-boxes-link" href="../wazuh-server/index.html">
         <p class="link-boxes-label">Install the Wazuh server</p>
@@ -262,15 +262,15 @@ All the Wazuh central components are successfully installed and secured.
 
       </a>
     </div>
-  
+
     <div class="link-boxes-item past-step">
       <a class="link-boxes-link" href="index.html">
         <p class="link-boxes-label">Install the Wazuh dashboard</p>
 
 .. image:: ../../images/installation/Dashboard-Circle.png
      :align: center
      :height: 61px
-     
+
 .. raw:: html
 
       </a>

diff --git a/source/release-notes/index-4x.rst b/source/release-notes/index-4x.rst
@@ -12,7 +12,7 @@ This section summarizes the most important features of each Wazuh 4.x release.
 Wazuh version                                  Release date
 =============================================  ====================
 :doc:`4.10.1 </release-notes/release-4-10-1>`  TBD
-:doc:`4.10.0 </release-notes/release-4-10-0>`  TBD
+:doc:`4.10.0 </release-notes/release-4-10-0>`  9 January 2025
 :doc:`4.9.2 </release-notes/release-4-9-2>`    4 November 2024
 :doc:`4.9.1 </release-notes/release-4-9-1>`    17 October 2024
 :doc:`4.9.0 </release-notes/release-4-9-0>`    5 September 2024

diff --git a/source/release-notes/index.rst b/source/release-notes/index.rst
@@ -12,7 +12,7 @@ This section summarizes the most important features of each Wazuh release.
 Wazuh version                                    Release date
 ==============================================   ====================
 :doc:`4.10.1 </release-notes/release-4-10-1>`    TBD
-:doc:`4.10.0 </release-notes/release-4-10-0>`    TBD
+:doc:`4.10.0 </release-notes/release-4-10-0>`    9 January 2025
 :doc:`4.9.2 </release-notes/release-4-9-2>`      4 November 2024
 :doc:`4.9.1 </release-notes/release-4-9-1>`      17 October 2024
 :doc:`4.9.0 </release-notes/release-4-9-0>`      5 September 2024

diff --git a/source/release-notes/release-4-10-0.rst b/source/release-notes/release-4-10-0.rst
@@ -3,8 +3,8 @@
 .. meta::
    :description: Wazuh 4.10.0 has been released. Check out our release notes to discover the changes and additions of this release.
 
-4.10.0 Release notes - TBD
-==========================
+4.10.0 Release notes - 9 January 2025
+=====================================
 
 This section lists the changes in version 4.10.0. Every update of the Wazuh solution is cumulative and includes all enhancements and fixes from previous releases.
 

diff --git a/source/user-manual/capabilities/vulnerability-detection/FAQ.rst b/source/user-manual/capabilities/vulnerability-detection/FAQ.rst
@@ -0,0 +1,102 @@
+.. Copyright (C) 2015, Wazuh, Inc.
+
+.. meta::
+   :description: Learn how to solve common issues with the Vulnerability Detection module in this section of the documentation.
+
+Frequently Asked Questions (FAQs)
+=================================
+
+This section provides solutions to common issues encountered during the configuration, installation, and operation of the Vulnerability Detection module.
+
+Communication issues between the Wazuh server and the Wazuh indexer
+-------------------------------------------------------------------
+
+.. list-table:: Issue description
+   :widths: 15 50
+
+   *  -  Problem
+      -  No vulnerabilities reported in the Wazuh dashboard, or the ``wazuh-states-vulnerabilities-*`` index has not been created. The manager logs might show messages like ``IndexerConnector initialization failed for index 'X', retrying until the connection is successful``.
+   *  -  Cause
+      -  A misconfiguration in one of the following components:
+
+         -  Vulnerability detector
+         -  Indexer connector
+         -  wazuh-keystore
+
+Troubleshooting steps
+^^^^^^^^^^^^^^^^^^^^^
+
+Step 1: Check credentials and configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+#. Ensure the wazuh-keystore is updated with correct admin username and password. For details, see the :doc:`wazuh-keystore </user-manual/reference/tools/wazuh-keystore>` documentation.
+#. Verify the :doc:`indexer connector configuration </user-manual/reference/ossec-conf/indexer>` at ``/var/ossec/etc/ossec.conf``. Ensure:
+
+   -  The ``<host>`` section contains the correct Wazuh indexer URL. The host FQDN/IP address must match the certificate details.
+   -  The ``<ssl>`` section specifies the correct paths for the certificate, key, and CA files.
+
+**Example configuration**:
+
+.. code-block:: xml
+   :emphasize-lines: 4,8,10,11
+
+   <indexer>
+     <enabled>yes</enabled>
+     <hosts>
+       <host>https://0.0.0.0:9200</host>
+     </hosts>
+     <ssl>
+       <certificate_authorities>
+         <ca>/etc/filebeat/certs/root-ca.pem</ca>
+       </certificate_authorities>
+       <certificate>/etc/filebeat/certs/filebeat.pem</certificate>
+       <key>/etc/filebeat/certs/filebeat-key.pem</key>
+     </ssl>
+   </indexer>
+
+Step 2: Verify the connection
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can verify the connection to the Wazuh indexer using the ``curl`` command from the Wazuh server.
+
+.. code-block:: console
+
+   # curl --cacert <ROOT_CA> --cert <CERTIFICATE_PEM> --key <CERTIFICATE_KEY> -u <USER>:<PASS> -XGET https://<INDEXER_IP_ADDRESS>:9200/_cluster/health
+
+Where:
+
+-  ``<ROOT_CA>``, ``<CERTIFICATE_PEM>``, ``<CERTIFICATE_KEY>``: Certificate paths.
+-  ``<USER>`` and ``<PASS>``: Admin credentials.
+-  ``<INDEXER_IP_ADDRESS>``: IP address of the Wazuh indexer.
+
+If this command fails, the vulnerability detector module won't be able to connect to the indexer.
+
+To check if the issue is related to certificates, bypass certificate verification using the ``-k`` option:
+
+.. code-block:: console
+
+   # curl -k -u <USER>:<PASS> -XGET https://<INDEXER_IP_ADDRESS>:9200/_cluster/health
+
+A successful connection returns a result similar to the following:
+
+.. code-block:: json
+
+   {
+       "cluster_name": "opensearch",
+       "status": "green",
+       "timed_out": false,
+       "number_of_nodes": 1,
+       "number_of_data_nodes": 1,
+       "discovered_master": true,
+       "discovered_cluster_manager": true,
+       "active_primary_shards": 9,
+       "active_shards": 9,
+       "relocating_shards": 0,
+       "initializing_shards": 0,
+       "unassigned_shards": 0,
+       "delayed_unassigned_shards": 0,
+       "number_of_pending_tasks": 0,
+       "number_of_in_flight_fetch": 0,
+       "task_max_waiting_in_queue_millis": 0,
+       "active_shards_percent_as_number": 100.0
+   }
diff --git a/source/user-manual/capabilities/vulnerability-detection/index.rst b/source/user-manual/capabilities/vulnerability-detection/index.rst
@@ -2,7 +2,7 @@
 
 .. meta::
    :description: The Vulnerability Detection module detects vulnerabilities in applications installed on the endpoints. Learn more about this capability in this section.
-  
+
 Vulnerability detection
 =======================
 
@@ -23,3 +23,4 @@ The Wazuh Vulnerability Detection module helps users discover vulnerabilities in
       how-it-works
       configuring-scans
       offline-update
+      troubleshooting