Docker tag: 1.5.1-19963
- We are aware of an issue with sensor degradation on Linux EDR sensors using auditD as their telemetry collection method. Since we are only seeing this on those sensors we recommend that you use eBPF as the preferred telemetry source in the meantime.
- Audit telemetry: Handle audit events from filemod in Oracle kernels that deviate from mainline.
- Audit telemetry: Properly handle creation of symlinks that target themselves.
- Audit telemetry: Ignore renames of hardlinked files (when hardlinked to each other).
- eBPF telemetry: Does not emit warnings for files not being tracked.