Update the Wazuh central components upgrade guide

javimed · javimed · commit f01675cef229 · 2025-09-25T13:17:11.000-03:00
diff --git a/source/upgrade-guide/upgrading-central-components.rst b/source/upgrade-guide/upgrading-central-components.rst
@@ -296,27 +296,57 @@ Upgrading the Wazuh manager
 #. Upgrade the Wazuh manager to the latest version:
 
    .. tabs::
-   
+
       .. group-tab:: Yum
-   
+
          .. code-block:: console
-   
+
             # yum upgrade wazuh-manager|WAZUH_MANAGER_RPM_PKG_INSTALL|
-   
+
       .. group-tab:: APT
-   
+
          .. code-block:: console
-   
+
             # apt-get install wazuh-manager|WAZUH_MANAGER_DEB_PKG_INSTALL|
-   
+
    .. warning::
-   
+
       If the ``/var/ossec/etc/ossec.conf`` configuration file was modified, it will not be replaced by the upgrade. You will therefore have to add the settings of the new capabilities manually. More information can be found in the :doc:`/user-manual/index`.
 
 #. Run the following command on the Wazuh manager node(s) to start the Wazuh manager service if you stopped it earlier:
 
    .. include:: /_templates/common/start_manager.rst
 
+Configuring CDB lists
+^^^^^^^^^^^^^^^^^^^^^
+
+When upgrading from Wazuh 4.12.x or earlier, follow these steps to configure the newly added CDB lists.
+
+#. Edit the ``/var/ossec/etc/ossec.conf`` file and update the ``<ruleset>`` block with the CDB lists highlighted below. 
+
+   .. code-block:: xml
+      :emphasize-lines: 9-11
+
+      <ruleset>
+          <!-- Default ruleset -->
+          <decoder_dir>ruleset/decoders</decoder_dir>
+          <rule_dir>ruleset/rules</rule_dir>
+          <rule_exclude>0215-policy_rules.xml</rule_exclude>
+          <list>etc/lists/audit-keys</list>
+          <list>etc/lists/amazon/aws-eventnames</list>
+          <list>etc/lists/security-eventchannel</list>
+          <list>etc/lists/malicious-ioc/malware-hashes</list>
+          <list>etc/lists/malicious-ioc/malicious-ip</list>
+          <list>etc/lists/malicious-ioc/malicious-domains</list>
+          <!-- User-defined ruleset -->
+          <decoder_dir>etc/decoders</decoder_dir>
+          <rule_dir>etc/rules</rule_dir>
+      </ruleset>
+
+#. Restart the Wazuh manager to apply the configuration changes
+
+   .. include:: /_templates/common/start_manager.rst
+
 .. _configuring_vulnerability_detection:
 
 Configuring vulnerability detection
@@ -385,6 +415,10 @@ When upgrading from Wazuh version 4.7.x or earlier, follow these steps to config
 
    If you have forgotten your Wazuh indexer password, refer to the :doc:`password management guide </user-manual/user-administration/password-management>` to reset it.
 
+#. Restart the Wazuh manager to apply the configuration changes
+
+   .. include:: /_templates/common/start_manager.rst
+
 .. _configuring_filebeat:
 
 Configuring Filebeat
