- This release includes substantial fixes and additional features. Please upgrade soon.
- v0.4.15-v0.4.28 were limited, controlled releases.
- Ubuntu 20.04 support
- Pop!_OS support
- AWS instance metadata enrichment
  - Region, AMI, Account ID, Instance ID and more are displayed in the Portal
- Process file hashing (MD5/SHA256) is now re-enabled
- Free/Enterprise version outputs telemetry in a flattened structure that is preferred by SIEMs [ch5168]
- Changed the telemetry consumption threads to run with a `nice` value of -4 (the value auditd uses) and at the lowest available real-time priority, which is still higher than that of all non-real-time processes.
- Changed behavior of Safe-Mode to force the sensor to exit when the transition is Normal->Safe. This ensures we clean up any state and use minimal resources on entering Safe-Mode.
- Note: Capturing of local IP/port for outbound connections is disabled as we work on a performance fix
- Fixed systemd service configuration to restart the daemon when it's stopped
- Fixed an issue with DNS IPv6 parsing that caused us to slice out incorrect portions of the packet.
- Fixed issue where `username` was not populated for non-local accounts (LDAP, AD) [ch4418]
- Fixed memory leak caused by messages dropped by the kernel [ch7509]
- Fixed memory leak caused by a lack of entropy reported by the operating system [ch6432]
- Fixed sensor crash that would occur under heavy load [ch8153]
- Fixed issue where the current working directory was reported incorrectly [ch7512]
- Fixed issue where network connections were associated with the wrong process, resulting in cases like missing incoming network connections for sshd [ch5066]
- Fixed erroneous logging of error 'Malformed or invalid payload file found' [ch4356]
- Fixed kernel audit deadlock that occurred under high load [ch4365]
- Fixed an issue with Free Mode where it was not correctly recognizing the S3 region