Fixed
- Audit telemetry: In Oracle kernels that deviate from mainline, handle hardlink events from filemod.
Changed
- Only hash files that are executables for filemod events.
- Previously, hashing filemod events for large files like logs would take an excessively long time. As a result, the watchdog misinterpreted the delay as a hang.
- Improved memory efficiency by not waiting on DNS requests for incoming network connections.
- Because incoming network connections do not trigger a DNS request, the sensor was filling its DNS cache unnecessarily with entries for these connections while expecting DNS information to eventually arrive for them.
- eBPF Telemetry: Minimum supported mainline kernel for aarch64/arm64 is now 5.5+, updated from 5.8+.
Added
- In the native telemetry, process start events now contain an additional field that marks the event as shell activity.
Docker Image Tag
1.5.4-21043
Hashes
## MD5
ff453209a2826cea19d85d783d3629d5 x86_64/cfsvcd
eaa66396890bf9a14bb47fde4a601fb2 x86_64/cwp-launch
6f18d0b88c1986fdb6101b8fce272672 aarch64/cfsvcd
a80c51c1b8af20d3eb176dd4e5095044 aarch64/cwp-launc
## SHA256
405be30492ba61300be24381fbb5c5eccf8eabc66e45630f826a70b372244aec x86_64/cfsvcd
ee71cb60ee7a993fde1f8e13ec23dcc1a8be6db02415f2fb0ec5b2f8650da488 x86_64/cwp-launch
3e0984352b3d9042ff4e932ea2295e29ff5587fcc302ebbb5c5659196afa58d7 aarch64/cfsvcd
bf6ac95ecc3ddbf44c52659a55c1dc0c80af56c05f94990eaddc0fa258c967fc aarch64/cwp-launc