From 620bf04835b98468020d5fdd564e8b3af5afe899 Mon Sep 17 00:00:00 2001 From: cadoming Date: Thu, 3 Jan 2019 09:35:40 +0000 Subject: [PATCH 1/4] ossec.conf for windows agents --- .../ansible-wazuh-agent/defaults/main.yml | 155 +++++++++++++++++- .../var-ossec-etc-ossec-agent.conf.j2 | 99 ++++++++--- 2 files changed, 230 insertions(+), 24 deletions(-) diff --git a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml index 0b9aa567..c3e1f650 100644 --- a/roles/wazuh/ansible-wazuh-agent/defaults/main.yml +++ b/roles/wazuh/ansible-wazuh-agent/defaults/main.yml @@ -31,6 +31,7 @@ wazuh_agent_config: active_response: ar_disabled: 'no' ca_store: '/var/ossec/etc/wpk_root.pem' + ca_store_win: 'wpk_root.pem' ca_verification: 'yes' log_format: 'plain' client_buffer: @@ -44,6 +45,7 @@ wazuh_agent_config: alert_new_files: 'yes' remove_old_diff: 'yes' restart_audit: 'yes' + win_audit_interval: 300 skip_nfs: 'yes' ignore: - /etc/mtab @@ -61,6 +63,8 @@ wazuh_agent_config: - /etc/svc/volatile - /sys/kernel/security - /sys/kernel/debug + ignore_win: + - '.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$' no_diff: - /etc/ssl/private.key directories: 
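Review bot: `ca_store_win: 'wpk_root.pem'` is a bare relative filename for the WPK signing trust anchor, whereas the Linux `ca_store` is an absolute path, so where the Windows agent looks for it depends on its working directory (presumably the install directory, which this hunk does not show). With `ca_verification: 'yes'` a missing file is likely to surface as a failed remote upgrade rather than as a configuration error, which is hard to trace back to this key. A comment next to it, `# resolved relative to the agent install directory on Windows — confirm`, or an absolute default, would make that explicit.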
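Review bot: The `ignore_win` value `'.log$|.htm$|.jpg$|.png$|.chm$|.pnf$|.evtx$'` is a regular expression, so it only does anything if the template emits it with `type="sregex"`; a plain `<ignore>` is matched as a literal path and this entry would ignore nothing. The template loop for `ignore_win` in this series does not show its element attributes here, so please confirm. Note also that the dots are unescaped, so as a regex `.log$` also matches names ending in e.g. `catalog`; `\.log$` is the stricter form if only file extensions are meant. A comment above the key, `# sregex, rendered with type="sregex" by the template`, would document both points.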
@@ -68,10 +72,142 @@ wazuh_agent_config: checks: 'check_all="yes"' - dirs: /bin,/sbin checks: 'check_all="yes"' + win_directories: + - dirs: '%WINDIR%\regedit.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\system.ini' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\win.ini' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\at.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\attrib.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\cacls.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\cmd.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\drivers\etc' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\eventcreate.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\ftp.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\lsass.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\net.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\net1.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\netsh.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\reg.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\regedt32.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\regsvr32.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\runas.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\sc.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\schtasks.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\sethc.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\subst.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\wbem\WMIC.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\WindowsPowerShell\v1.0\powershell.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\SysNative\winrm.vbs' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\at.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\attrib.exe' + checks: 'check_all="yes"' + - 
dirs: '%WINDIR%\System32\cacls.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\cmd.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\drivers\etc' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\eventcreate.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\ftp.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\net.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\net1.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\netsh.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\reg.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\regedit.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\regedt32.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\regsvr32.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\runas.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\sc.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\schtasks.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\sethc.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\subst.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\wbem\WMIC.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe' + checks: 'check_all="yes"' + - dirs: '%WINDIR%\System32\winrm.vbs' + checks: 'check_all="yes"' + - dirs: '%PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs\Startup' + checks: 'check_all="yes" realtime="yes"' windows_registry: - key: 'HKEY_LOCAL_MACHINE\Software\Classes\batfile' - arch: 'both' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\cmdfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\comfile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\exefile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\piffile' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects' + - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Directory' - key: 'HKEY_LOCAL_MACHINE\Software\Classes\Folder' + - 
key: 'HKEY_LOCAL_MACHINE\Software\Classes\Protocols' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Policies' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Security' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services' + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\KnownDLLs' + - key: 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurePipeServers\winreg' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx' + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon' + arch: "both" + - key: 'HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components' + arch: "both" + windows_registry_ignore: + - key: 'HKEY_LOCAL_MACHINE\Security\Policy\Secrets' + - key: 'HKEY_LOCAL_MACHINE\Security\SAM\Domains\Account\Users' + - key: '\Enum$' + type: "sregex" rootcheck: frequency: 43200 openscap: @@ -82,8 +218,11 @@ wazuh_agent_config: osquery: disable: 'yes' run_daemon: 'yes' + bin_path_win: 'C:\ProgramData\osquery\osqueryd' log_path: '/var/log/osquery/osqueryd.results.log' + log_path_win: 'C:\ProgramData\osquery\log\osqueryd.results.log' config_path: '/etc/osquery/osquery.conf' + config_path_win: 'C:\ProgramData\osquery\osquery.conf' ad_labels: 'yes' syscollector: disable: 'no' 
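Review bot: The new registry entries use `arch: "both"` and `type: "sregex"` in double quotes, while the existing `arch: 'both'` and every path in this hunk use single quotes; pick one style, and single quotes are the safer choice in a file full of backslash values. The fifty identical `checks: 'check_all="yes"'` entries could be dropped in favour of a default in the template (`directory.checks | default('check_all="yes"')`, if the template renders `directory.checks` at all — its attributes are not visible here), leaving only the Startup entry that differs. A comment on the `SysNative` block would also help: `SysNative` is the file-system-redirector alias a 32-bit process uses to reach the 64-bit `System32`, so on a 64-bit host the `SysNative` and `System32` entries can cover different directories and are not duplicates to be trimmed.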
@@ -102,7 +241,9 @@ wazuh_agent_config: interval: '1d' scan_on_start: 'yes' java_path: '/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin' + java_path_win: '\\server\jre\bin\java.exe' ciscat_path: '/var/ossec/wodles/ciscat' + ciscat_path_win: 'C:\cis-cat' content: - type: 'xccdf' path: 'benchmarks/CIS_Ubuntu_Linux_16.04_LTS_Benchmark_v1.0.0-xccdf.xml' @@ -136,7 +277,7 @@ wazuh_agent_config: location: '/var/log/maillog' - format: 'audit' location: '/var/log/audit/audit.log' - common: + linux: - format: 'syslog' location: '/var/ossec/logs/active-responses.log' - format: 'command' @@ -149,3 +290,13 @@ wazuh_agent_config: - format: 'full_command' command: 'last -n 20' frequency: '360' + windows: + - format: 'eventlog' + location: 'Application' + - format: 'eventchannel' + location: 'Security' + query: 'Event/System[EventID != 5145 and EventID != 5156 and EventID != 5447 and EventID != 4656 and EventID != 4658 and EventID != 4663 and EventID != 4660 and EventID != 4670 and EventID != 4690 and EventID != 4703 and EventID != 4907]' + - format: 'eventlog' + location: 'System' + - format: 'syslog' + location: 'active-response\active-responses.log' diff --git a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 index 14d34fe3..3cc6ba1b 100644 --- a/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 +++ b/roles/wazuh/ansible-wazuh-agent/templates/var-ossec-etc-ossec-agent.conf.j2 @@ -43,13 +43,14 @@ {{ wazuh_agent_config.active_response.ar|default('no') }} - {{ wazuh_agent_config.active_response.ca_store }} + {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.active_response.ca_store_win }}{% else %}{{ wazuh_agent_config.active_response.ca_store }}{% endif %} {{ wazuh_agent_config.active_response.ca_verification }} {% if wazuh_agent_config.rootcheck is defined %} no + {% if ansible_system == "Linux" %} yes yes yes 
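Review bot: `java_path_win: '\\server\jre\bin\java.exe'` defaults the CIS-CAT wodle on Windows to running Java from a UNC share on an unspecified host, which is a placeholder that reads like a real setting; a role default that executes a binary fetched from the network is a code-integrity risk if it is ever deployed unchanged. Either point it at a local JRE path or mark it clearly, e.g. `java_path_win: '\\server\jre\bin\java.exe'  # placeholder — override with the local JRE path`. Also note the Linux `java_path` is a directory (`.../jre/bin`) while this value names `java.exe`; please confirm which form the agent expects for `<java_path>`, since both keys feed the same element.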
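Review bot: Renaming `localfiles.common` to `localfiles.linux` changes the variable contract of the role: an inventory or group_vars file that overrides `wazuh_agent_config.localfiles.common` stays valid YAML but the template no longer reads it, and the `localfiles.linux` lookup then fails on an undefined key. The CHANGELOG entries later in this series only say "Adapt ossec.conf file for windows agents"; a line there naming the rename (`localfiles.common` → `localfiles.linux`), or a comment above the new key, would flag the migration for existing users.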
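Review bot: The `query:` value for the Security channel is a roughly 200-character single line; a folded scalar keeps it readable and within line-length limits, e.g. `query: >-` followed by the expression broken at the `and` operators (a folded block joins the lines with single spaces, which the XPath expression tolerates). The ID list drops object-access, share-access and filtering-platform events (4656, 4663, 5145, 5156, …) to reduce volume, which is a detection-coverage decision rather than a formatting one; a one-line comment stating that intent, `# volume filter: excludes noisy object/share/filtering-platform access events`, would keep someone from "fixing" it later.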
@@ -62,13 +63,6 @@ {{ wazuh_agent_config.rootcheck.frequency }} - {% if ansible_os_family == "Windows" %} - ./shared/win_audit_rcl.txt - ./shared/win_applications_rcl.txt - ./shared/win_malware_rcl.txt - {% endif %} - - {% if ansible_system == "Linux" %} /var/ossec/etc/shared/rootkit_files.txt /var/ossec/etc/shared/rootkit_trojans.txt /var/ossec/etc/shared/system_audit_rcl.txt @@ -76,9 +70,15 @@ {% if cis_distribution_filename is defined %} /var/ossec/etc/shared/{{ cis_distribution_filename }} {% endif %} + yes + {% endif %} + + {% if ansible_os_family == "Windows" %} + ./shared/win_audit_rcl.txt + ./shared/win_applications_rcl.txt + ./shared/win_malware_rcl.txt {% endif %} - yes {% endif %} 
@@ -86,44 +86,61 @@ {% if wazuh_agent_config.syscheck is defined %} no + + + {{ wazuh_agent_config.syscheck.frequency }} {% if ansible_system == "Linux" %} /etc,/usr/bin,/usr/sbin /bin,/sbin,/boot - {% endif %} {{ wazuh_agent_config.syscheck.auto_ignore }} - - - {{ wazuh_agent_config.syscheck.frequency }} {{ wazuh_agent_config.syscheck.scan_on_start }} + {% endif %} - {% if wazuh_agent_config.syscheck.directories is defined %} + {% if wazuh_agent_config.syscheck.directories is defined and ansible_os_family == "Linux" %} {% for directory in wazuh_agent_config.syscheck.directories %} {{ directory.dirs }} {% endfor %} {% endif %} + + {% if wazuh_agent_config.syscheck.win_directories is defined and ansible_os_family == "Windows" %} + {% for directory in wazuh_agent_config.syscheck.win_directories %} + {{ directory.dirs }} + {% endfor %} + {% endif %} + - {% if wazuh_agent_config.syscheck.ignore is defined %} + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Linux" %} {% for ignore in wazuh_agent_config.syscheck.ignore %} {{ ignore }} {% endfor %} {% endif %} + {% if wazuh_agent_config.syscheck.ignore is defined and ansible_system == "Windows" %} + {% for ignore in wazuh_agent_config.syscheck.ignore_win %} + {{ ignore }} + {% endfor %} + {% endif %} + + {% if ansible_system == "Linux" %} {% for no_diff in wazuh_agent_config.syscheck.no_diff %} {{ no_diff }} {% endfor %} - + {{ wazuh_agent_config.syscheck.skip_nfs }} + {% endif %} {{ wazuh_agent_config.syscheck.remove_old_diff }} + {% if ansible_system == "Linux"%} {{ wazuh_agent_config.syscheck.restart_audit }} - + {% endif %} + {% if ansible_os_family == "Windows" %} {% for registry_key in wazuh_agent_config.syscheck.windows_registry %} {% if registry_key.arch is defined %} 
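Review bot: Two of the new guards compare the wrong Ansible fact and can never be true: `ansible_os_family == "Linux"` on the `directories` loop (on Linux hosts `ansible_os_family` is the distro family such as `RedHat` or `Debian`, never `Linux`), and `ansible_system == "Windows"` on the `ignore_win` loop (Windows hosts report `ansible_system` as `Win32NT`, with `ansible_os_family` being `Windows`). As written, Linux agents lose every `syscheck.directories` entry and Windows agents never get `ignore_win`. The second guard also tests `ignore is defined` but iterates `ignore_win`; use `{% if wazuh_agent_config.syscheck.directories is defined and ansible_system == "Linux" %}` and `{% if wazuh_agent_config.syscheck.ignore_win is defined and ansible_os_family == "Windows" %}`, matching the `ansible_system == "Linux"` / `ansible_os_family == "Windows"` pairs the rest of the hunk already uses. Minor: `{% if ansible_system == "Linux"%}` before the `restart_audit` line is missing the space before `%}`. The `{% if wazuh_agent_config.syscheck is defined %}` block this hunk sits in, and the `ansible_os_family == "Windows"` guard opened for `windows_registry` at its end, both close outside the hunk.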
@@ -133,6 +150,21 @@ {% endif %} {% endfor %} {% endif %} + + {% if ansible_os_family == "Windows" %} + {% for registry_key in wazuh_agent_config.syscheck.windows_registry_ignore %} + {% if registry_key.type is defined %} + {{ registry_key.key }} + {% else %} + {{ registry_key.key }} + {% endif %} + {% endfor %} + {% endif %} + + {% if ansible_os_family == "Windows" %} + + {{ wazuh_agent_config.syscheck.win_audit_interval }} + {% endif %} {% endif %} @@ -189,7 +221,7 @@ {% endif %} - {% if ansible_system == "Linux" and wazuh_agent_config.cis_cat.disable == 'no' %} + {% if wazuh_agent_config.cis_cat.disable == 'no' %} no {{ wazuh_agent_config.cis_cat.timeout }} @@ -197,15 +229,19 @@ {{ wazuh_agent_config.cis_cat.scan_on_start }} {% if wazuh_agent_config.cis_cat.install_java == 'yes' and ansible_system == "Linux" %} /usr/bin + {% elif ansible_os_family == "Windows" %} + {{ wazuh_agent_config.cis_cat.java_path_win }} {% else %} {{ wazuh_agent_config.cis_cat.java_path }} {% endif %} - {{ wazuh_agent_config.cis_cat.ciscat_path }} + {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.cis_cat.ciscat_path_win }}{% else %}{{ wazuh_agent_config.cis_cat.ciscat_path }}{% endif %} + {% if ansible_system == "Linux" %} {% for benchmark in wazuh_agent_config.cis_cat.content %} {{ benchmark.profile }} {% endfor %} + {% endif %} {% endif %} 
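Review bot: Dropping `ansible_system == "Linux"` from the cis_cat guard (hunk `@@ -189,7 +221,7`) lets a Windows host with `disable == 'no'` render the wodle, but in hunk `@@ -197,15 +229,19` the benchmark `content` loop is wrapped in `{% if ansible_system == "Linux" %}`, so the Windows wodle is emitted with a java path and a ciscat path and no benchmarks; with the role default `java_path_win` pointing at a UNC share, a Windows agent would be configured to launch Java from the network for nothing. Either keep the wodle disabled on Windows until a Windows benchmark list exists in the defaults, e.g. `{% if wazuh_agent_config.cis_cat.disable == 'no' and ansible_system == "Linux" %}`, or add that list together with a Windows branch of the content loop so the change is complete. A short comment above the guard stating which platforms the wodle is expected to run on would make the intent clear either way.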
@@ -213,8 +249,11 @@ {{ wazuh_agent_config.osquery.disable }} {{ wazuh_agent_config.osquery.run_daemon }} - {{ wazuh_agent_config.osquery.log_path }} - {{ wazuh_agent_config.osquery.config_path }} + {% if ansible_os_family == "Windows" %} + {{ wazuh_agent_config.osquery.bin_path_win }} + {% endif %} + {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.osquery.log_path_win }}{% else %}{{ wazuh_agent_config.osquery.log_path }}{% endif %} + {% if ansible_os_family == "Windows" %}{{ wazuh_agent_config.osquery.config_path_win }}{% else %}{{ wazuh_agent_config.osquery.config_path }}{% endif %} {{ wazuh_agent_config.osquery.ad_labels }} @@ -245,7 +284,8 @@ {% endif %} - {% for localfile in wazuh_agent_config.localfiles.common %} + {% if ansible_system == "Linux" %} + {% for localfile in wazuh_agent_config.localfiles.linux %} {{ localfile.format }} {% if localfile.format == 'command' or localfile.format == 'full_command' %} @@ -256,6 +296,7 @@ {% endif %} {% endfor %} + {% endif %} {% if ansible_os_family == "Debian" %} {% for localfile in wazuh_agent_config.localfiles.debian %} @@ -284,4 +325,18 @@ {% endfor %} {% endif %} + + {% if ansible_os_family == "Windows" %} + {% for localfile in wazuh_agent_config.localfiles.windows %} + + {{ localfile.format }} + {% if localfile.format == 'eventchannel' %} + {{ localfile.location }} + {{ localfile.query}} + {% else %} + {{ localfile.location }} + {% endif %} + + {% endfor %} + {% endif %} From 0bac60cd470e91c161a11c767c0fdc2863a0a86a Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Wed, 9 Jan 2019 14:34:26 +0100 Subject: [PATCH 2/4] Update CHANGELOG.md --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 04a30e8d..97fb77cd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
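Review bot: In the Windows `localfiles` loop, `{{ localfile.query}}` is emitted for every `eventchannel` entry, so an entry that uses `eventchannel` without a `query` key renders an empty query element, which the agent may reject or treat as match-nothing — I cannot confirm which from here. Guarding it with `{% if localfile.query is defined %}` around the query line avoids the question, and `{{ localfile.query }}` (space before `}}`) matches the spacing used everywhere else in the template. The earlier hunk in this line, `@@ -245,7 +284,8`, wraps the renamed `localfiles.linux` loop in `ansible_system == "Linux"`, which is the correct fact for that check.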
@@ -12,6 +12,9 @@ All notable changes to this project will be documented in this file. - Fixed a couple linting issues with yamllint and ansible-review ([#111](https://github.com/wazuh/wazuh-ansible/pull/111)) ## [v3.7.2] +### Added + +- Adapt ossec.conf file for windows agents ([#118]https://github.com/wazuh/wazuh-ansible/pull/118) ### Changed From c56908bc8925fcf3dcce6d0a18be3c3029b78dbc Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Wed, 9 Jan 2019 14:35:10 +0100 Subject: [PATCH 3/4] Update CHANGELOG.md --- CHANGELOG.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97fb77cd..4da6c6ca 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file. ## [v3.7.x] +### Added + +- Adapt ossec.conf file for windows agents ([#118]https://github.com/wazuh/wazuh-ansible/pull/118) + ### Changed - Changed Windows installation directory ([#116](https://github.com/wazuh/wazuh-ansible/pull/116)) @@ -12,9 +16,6 @@ All notable changes to this project will be documented in this file. - Fixed a couple linting issues with yamllint and ansible-review ([#111](https://github.com/wazuh/wazuh-ansible/pull/111)) ## [v3.7.2] -### Added - -- Adapt ossec.conf file for windows agents ([#118]https://github.com/wazuh/wazuh-ansible/pull/118) ### Changed From feda8bd0c4c3c9940020f5226135235d9b098f88 Mon Sep 17 00:00:00 2001 From: Carlos Dominguez <43823505+cadoming@users.noreply.github.com> Date: Wed, 9 Jan 2019 14:36:07 +0100 Subject: [PATCH 4/4] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4da6c6ca..482fda2b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. ### Added -- Adapt ossec.conf file for windows agents ([#118]https://github.com/wazuh/wazuh-ansible/pull/118) +- Adapt ossec.conf file for windows agents ([#118](https://github.com/wazuh/wazuh-ansible/pull/118)) ### Changed