wazuh · javimed · Oct 3, 2025 · Nov 13, 2025 · Nov 19, 2025
diff --git a/source/deployment-options/deploying-with-ansible/reference.rst b/source/deployment-options/deploying-with-ansible/reference.rst
@@ -224,7 +224,7 @@ Wazuh Manager
 
 |
 | **Variable**: ``wazuh_manager_osquery``
-| **Description**: Configures the :doc:`wodle</user-manual/reference/ossec-conf/wodle-osquery>` item named ``osquery`` from ``ossec.conf``.
+| **Description**: Configures the wodle item named ``osquery`` from ``ossec.conf``.
 | **Default values**:
 
 .. code-block:: yaml
@@ -942,24 +942,6 @@ Wazuh Agent
 .. code-block:: yaml
 
     wazuh_profile: "ubuntu, ubuntu18"
-
-|
-| **Variable**: ``wazuh_agent_authd``
-| **Description**: Set the agent-authd facility. This will enable or not the automatic agent registration, you could set various options in accordance with the authd service configured in the Wazuh Manager. This Ansible role will use the address defined on ``registration_address`` as the authd registration server.
-| **Example**:
-
-.. code-block:: yaml
-
-    wazuh_agent_authd:
-      registration_address: 10.1.1.12
-      enable: false
-      port: 1515
-      agent_name: null
-      groups: []
-      ssl_agent_ca: null
-      ssl_agent_cert: null
-      ssl_agent_key: null
-      ssl_auto_negotiate: 'no'
 
 |
 | **Variable**: ``wazuh_auto_restart``
@@ -988,8 +970,6 @@ Wazuh Agent
       download_dir: C:\
       install_dir: C:\Program Files\ossec-agent\
       install_dir_x86: C:\Program Files (x86)\ossec-agent\
-      auth_path: C:\Program Files\ossec-agent\agent-auth.exe
-      auth_path_x86: C:\'Program Files (x86)'\ossec-agent\agent-auth.exe
       check_sha512: True
 
 |
@@ -1037,26 +1017,9 @@ Wazuh Agent
     wazuh_agent_rootcheck:
       frequency: 43200
 
-|
-| **Variable**: ``wazuh_agent_osquery``
-| **Description**: Configures the :doc:`wodle</user-manual/reference/ossec-conf/wodle-osquery>` item named ``osquery`` from ``ossec.conf``.
-| **Default values**:
-
-.. code-block:: yaml
-
-    wazuh_agent_osquery:
-      disable: 'yes'
-      run_daemon: 'yes'
-      bin_path_win: 'C:\Program Files\osquery\osqueryd'
-      log_path: '/var/log/osquery/osqueryd.results.log'
-      log_path_win: 'C:\Program Files\osquery\log\osqueryd.results.log'
-      config_path: '/etc/osquery/osquery.conf'
-      config_path_win: 'C:\Program Files\osquery\osquery.conf'
-      add_labels: 'yes'
-
 |
 | **Variable**: ``wazuh_agent_syscollector``
-| **Description**: Configures the :doc:`wodle </user-manual/reference/ossec-conf/wodle-syscollector>` item named ``syscollector`` from ``ossec.conf``.
+| **Description**: Configures the wodle item named ``syscollector`` from ``ossec.conf``.
 | **Default values**:
 
 .. code-block:: yaml
@@ -1299,10 +1262,8 @@ Wazuh Agent
 
       rootcheck: '{{ wazuh_agent_rootcheck }}'
 
-      osquery: '{{ wazuh_agent_osquery }}'
       syscollector: '{{ wazuh_agent_syscollector }}'
       sca: '{{ wazuh_agent_sca }}'
-      cis_cat: '{{ wazuh_agent_cis_cat }}'
       localfiles: '{{ wazuh_agent_localfiles }}'
 
       labels: '{{ wazuh_agent_labels }}'

diff --git a/source/deployment-options/deploying-with-puppet/wazuh-puppet-module/index.rst b/source/deployment-options/deploying-with-puppet/wazuh-puppet-module/index.rst
@@ -422,8 +422,6 @@ Reference Wazuh puppet
 |                                                                 |                                                                 |                                             |
 |                                                                 | :ref:`Syscheck <ref_agent_vars_syscheck>`                       |                                             |
 |                                                                 |                                                                 |                                             |
-|                                                                 | :ref:`Wodle osquery <ref_agent_vars_wodle_osquery>`             |                                             |
-|                                                                 |                                                                 |                                             |
 |                                                                 | :ref:`Wodle Syscollector <ref_agent_vars_wodle_syscollector>`   |                                             |
 |                                                                 |                                                                 |                                             |
 |                                                                 | :ref:`Misc <ref_agent_vars_misc>`                               |                                             |

diff --git a/...ng-with-puppet/wazuh-puppet-module/reference-wazuh-puppet/wazuh-agent-class.rst b/...ng-with-puppet/wazuh-puppet-module/reference-wazuh-puppet/wazuh-agent-class.rst
@@ -196,7 +196,7 @@ $wazuh_reporting_endpoint
   `Type String`
 
 $wazuh_register_endpoint
-  Specifies the IP address or the hostname of the Wazuh manager to register against. It is used to run the **agent-auth** tool.
+  Specifies the IP address or the hostname of the Wazuh manager to register against.
 
   `Type String`
 
@@ -742,53 +742,6 @@ $ossec_syscheck_skip_nfs
 
   `Type String`
 
-.. _ref_agent_vars_wodle_osquery:
-
-Wodle osquery variables
------------------------
-
-$configure_wodle_osquery
-  Enables the Wodle osquery section rendering on this host. If this variable is not set to ‘true’, the complete *osquery wodle tag* will not be added to *ossec.conf*.
-
-  `Default true`
-
-  `Type String`
-
-$wodle_osquery_disabled
-  Disable the osquery wodle.
-
-  `Default yes`
-
-  `Type String`
-
-$wodle_osquery_run_daemon
-  Make the module run osqueryd as a subprocess or let the module monitor the results log without running Osquery.
-
-  `Default yes`
-
-  `Type String`
-
-$wodle_osquery_log_path
-  Full path to the results log written by Osquery.
-
-  `Default '/var/log/osquery/osqueryd.results.log'`
-
-  `Type String`
-
-$wodle_osquery_config_path
-  Path to the Osquery configuration file. This path can be relative to the folder where the Wazuh agent is running.
-
-  `Default '/etc/osquery/osquery.conf'`
-
-  `Type String`
-
-$wodle_osquery_add_labels
-  Add the agent labels defined as decorators.
-
-  `Default yes`
-
-  `Type String`
-
 .. _ref_agent_vars_wodle_syscollector:
 
 Wodle Syscollector
@@ -945,12 +898,3 @@ $manage_client_keys
   `Default yes`
 
   `Type String`
-
-$agent_auth_password
-  Define password for agent-auth
-
-  `Default undef`
-
-  `Type String`
-
-.. _ref_agent_addlog:
diff --git a/source/development/message-format.rst b/source/development/message-format.rst
@@ -69,14 +69,14 @@ Queue
 
     The most common queue types are:
 
-        **1** Local file log, including Syslog messages, Windows event logs, outputs from commands, OpenSCAP results and custom logs.
-        
+        **1** Local file log, including Syslog messages, Windows event logs, outputs from commands, and custom logs.
+
         **2** Remote Syslog messages, received by the Syslog server at *Remote daemon*.
-        
+
         **4** Secure messages. They are events from *Remote daemon* to *Analysis daemon*, that contain a standard OSSEC message plus the source agent ID.
-        
+
         **8** Syscheck event. *Analysis daemon* parses it using the Syscheck decoder.
-        
+
         **9** Rootcheck event. *Analysis daemon* parses it using the Rootcheck decoder.
 
 **Location**

diff --git a/source/getting-started/use-cases/threat-hunting.rst b/source/getting-started/use-cases/threat-hunting.rst
@@ -90,8 +90,6 @@ Some third-party solutions that Wazuh integrates with to aid threat hunting are:
 
 - **URLHaus**: `Integrating URLHaus by abuse.ch <https://wazuh.com/blog/detecting-malicious-urls-using-wazuh-and-urlhaus/>`__ with Wazuh amplifies threat intelligence capabilities, empowering users to proactively detect and block malicious URLs in real-time.
 
-- **osquery**: Wazuh provides a module for managing the osquery tool from the Wazuh agents. The osquery module allows security analysts to configure and collect information generated by the osquery. It provides an extra layer for threat hunting capabilities such as configuration management, data collection, custom alerts based on osquery query results, and SQL-like syntax queries.
-
 - **MISP**: We can enrich Wazuh alerts by automating identifications of IOCs and integrating MISP with Wazuh.
 
 Wazuh integrates with other tools that aid threat hunting beyond the above-mentioned. It supports third-party integrations for threat intelligence platforms, SIEMs, and messaging platforms using APIs and other integration methods.

diff --git a/source/release-notes/release-3-7-0.rst b/source/release-notes/release-3-7-0.rst
@@ -156,7 +156,7 @@ The Wazuh app for Kibana includes new features and interface redesigns to make u
   - Get the current manager/agent configuration on the redesigned tabs.
   - Added support for multiple groups feature.
   - The :doc:`Amazon AWS </cloud-security/amazon/index>` tab has been redesigned to include better visualizations and the module configuration.
-  - The new :doc:`Osquery </user-manual/capabilities/system-inventory/osquery>` extension shows scans results from this Wazuh module.
+  - The new Osquery extension shows scans results from this Wazuh module.
   - Added a new selector to check the cluster nodes’ status and logs on the *Management > Status/Logs* tabs.
   - Several bugfixes, performance improvements, and compatibility with the latest Elastic Stack version.
 

diff --git a/source/user-manual/capabilities/system-inventory/index.rst b/source/user-manual/capabilities/system-inventory/index.rst
@@ -27,4 +27,3 @@ Users can generate system inventory reports from the Wazuh dashboard, which can
       available-inventory-fields
       compatibility-matrix
       using-syscollector-information-to-trigger-alerts
-      osquery