From 9d3907f01a6c3f722349f315878bf6b6191d39a6 Mon Sep 17 00:00:00 2001
From: Matt Crees <mattc@stackhpc.com>
Date: Tue, 14 Jan 2025 17:06:59 +0000
Subject: [PATCH 1/2] Bump to wazuh-ansible v4.10.0

This brings in SCA CIS checks for RL9 by default.
Keep using our fork for unmerged bugfixes
---
 etc/kayobe/ansible/requirements.yml                          | 2 +-
 .../notes/wazuh-ansible-v4.10.0-ed5209199194cddf.yaml        | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/wazuh-ansible-v4.10.0-ed5209199194cddf.yaml

diff --git a/etc/kayobe/ansible/requirements.yml b/etc/kayobe/ansible/requirements.yml
index cb7b65c372..569ec172f7 100644
--- a/etc/kayobe/ansible/requirements.yml
+++ b/etc/kayobe/ansible/requirements.yml
@@ -22,7 +22,7 @@ roles:
     version: 1.3.1
   - name: wazuh-ansible
     src: https://github.com/stackhpc/wazuh-ansible
-    version: stackhpc
+    version: stackhpc-v4.10.0
   - name: geerlingguy.pip
     version: 2.2.0
   - name: monolithprojects.github_actions_runner
diff --git a/releasenotes/notes/wazuh-ansible-v4.10.0-ed5209199194cddf.yaml b/releasenotes/notes/wazuh-ansible-v4.10.0-ed5209199194cddf.yaml
new file mode 100644
index 0000000000..ef0dc0387f
--- /dev/null
+++ b/releasenotes/notes/wazuh-ansible-v4.10.0-ed5209199194cddf.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - |
+    Upgrades the version of wazuh-ansible to v4.10.0. This brings in the SCA CIS
+    checks for Rocky Linux 9 by default.

From a71c358df619e6b834ed3625a368e0959d489bd6 Mon Sep 17 00:00:00 2001
From: Matt Crees <mattc@stackhpc.com>
Date: Tue, 14 Jan 2025 17:32:00 +0000
Subject: [PATCH 2/2] Remove RL9 custom instructions from Wazuh docs

---
 doc/source/configuration/wazuh.rst | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/doc/source/configuration/wazuh.rst b/doc/source/configuration/wazuh.rst
index cd57716d34..57a89081ee 100644
--- a/doc/source/configuration/wazuh.rst
+++ b/doc/source/configuration/wazuh.rst
@@ -336,11 +336,6 @@ rulesets. However, you may find you want to add more. This can be achieved via
 SKC supports this automatically, just add the policy file from this PR to
 ``{{ kayobe_env_config_path }}/wazuh/custom_sca_policies``.
 
-Currently, Wazuh does not ship with a CIS benchmark for Rocky 9. You can find
-the in-development policy here: https://github.com/wazuh/wazuh/pull/17810 To
-include this in your deployment, simply copy it to
-``{{ kayobe_env_config_path }}/wazuh/custom_sca_policies/cis_rocky_linux_9.yml``.
-
 .. _Deploy:
 
 Deploy