🛡️ How to Seamlessly Upgrade Wazuh Agents: A Step-by-Step Guide

Keeping your security stack up to date is critical for maintaining visibility and compliance. Wazuh agents play a key role in collecting telemetry from endpoints and forwarding it to the Wazuh manager for analysis and alerting. In this post, I’ll walk you through a clean and reliable way to upgrade Wazuh agents — whether you’re managing a few servers or scaling across multiple environments.

📌 Why Upgrade the Wazuh Agent?

Upgrading agents ensures:

• ✅ Compatibility with the latest Wazuh Manager version
• 🔐 Security patches and performance improvements
• 🧰 Access to new monitoring modules and bug fixes
• 📊 Better stability for log collection and analysis

Running mismatched versions between the agent and the manager can cause communication issues or feature limitations. Keeping them aligned is a best practice in any SOC environment.

(Using CLI)

🧭 Step 1: Check the Current Agent Version

Before upgrading, check what version is currently installed:

⚙️ Step 2: Install the Wazuh Agent

(Using GUI)

Step 1: Login to the Wazuh Dashboard and verify the version of the Wazuh Agent

Step 2: Select the 3 dots and Click Upgrade

Step 3: Verify the Task

Step 4: Verify the task status is DONE and the Agent has been updated.

🌐 Automate at Scale (Optional)

For larger environments, consider using:

• Ansible / Puppet / Chef to roll out upgrades in batches
• SSH or remote execution tools to push updates to groups of servers
• Version pinning to ensure consistent agent versions across environments

✅ Final Thoughts

Upgrading Wazuh agents is a quick but essential maintenance task that strengthens your overall security posture. By following a structured approach — check → download → upgrade → validate — you minimize downtime and ensure your monitoring remains intact.