Update documentation for new syscollector Services and Browser Extensions tables #8797
Description
Request Details
Target version: 4.14.0
Request type:
- Product update
- Fixes or corrections
- Improvement
- Other:
Affected Documentation
Documentation section(s):
- Syscollector module
- Inventory data collection
- Wazuh agent configuration reference
- Compatibility matrix
- RBAC API reference
- Puppet module parameters (wazuh-agent and wazuh-manager classes)
- Ansible deployment variables
- Inventory field definitions (🛑 CRITICAL)
- Wazuh DB syscollector tables reference
- Compliance documentation (Common Criteria)
Specific page URLs:
- https://documentation.wazuh.com/current/user-manual/reference/ossec-conf/wodle-syscollector.html
- https://documentation.wazuh.com/current/user-manual/capabilities/system-inventory/configuration.html
- https://documentation.wazuh.com/current/user-manual/capabilities/system-inventory/compatibility-matrix.html
- https://documentation.wazuh.com/current/user-manual/capabilities/system-inventory/using-syscollector-information-to-trigger-alerts.html#new-searchable-fields-on-the-wazuh-dashboard
- https://documentation.wazuh.com/current/user-manual/api/rbac/reference.html
- https://documentation.wazuh.com/current/deployment-options/deploying-with-puppet/wazuh-puppet-module/reference-wazuh-puppet/wazuh-agent-class.html
- https://documentation.wazuh.com/current/deployment-options/deploying-with-puppet/wazuh-puppet-module/reference-wazuh-puppet/wazuh-manager-class.html
- https://documentation.wazuh.com/current/deployment-options/deploying-with-ansible/reference.html
- https://documentation.wazuh.com/current/user-manual/capabilities/system-inventory/available-inventory-fields.html
- https://documentation.wazuh.com/current/user-manual/reference/daemons/wazuh-db.html#syscollector-tables
- https://documentation.wazuh.com/current/compliance/tsc/common-criteria/cc6.1.html
- https://documentation.wazuh.com/current/compliance/nist/vulnerability-detection.html#windows-endpoint
Description
As part of the following development effort:
The syscollector module has been extended with new inventory tables for:
- Services
- Browser Extensions
These tables are compatible with stateful inventory collection and follow the new event-based data model used by the Wazuh agent. They include new fields and support for change tracking across all supported platforms (Linux, macOS, and Windows).
Special notes
- The compatibility matrix must reflect that only the Users and Groups inventory tables are supported across Windows, macOS, and Linux.
- The RBAC API reference must be updated to include access rules for the new
syscollectortables. - The Puppet module references and
wazuh-manager class must reflect any new supported parameters or behaviors. - The Ansible reference must be updated to include the new behavior and supported values for the
wazuh_manager_syscollectorandwazuh_agent_syscollectorvariables. - The inventory fields page must be rebuilt using the reference from this comment:
- The wazuh-db syscollector tables section must be updated to document the structure and usage of the new
usersandgroupstables. - The Common Criteria compliance section must be reviewed and updated to ensure alignment with the extended inventory capabilities introduced by
syscollector.
Documentation to review (optional or pending decision)
-
https://documentation.wazuh.com/current/user-manual/capabilities/system-inventory/viewing-system-inventory-data.html
Review if updates are needed to reflect the newServicesandBrowser Extensionsinventory tables and stateful behavior. -
https://documentation.wazuh.com/current/user-manual/capabilities/vulnerability-detection/configuring-scans.html
Evaluate if the new inventory data types impact vulnerability detection or are referenced in scan configuration.