- We highly recommend you install this update, as it includes important fixes for agent performance and data quality.
- v0.4.1 - v0.4.6 were limited, controlled releases.
- Full container (Docker, LXC) support via Host OS
- Agent version and telemetry collection details are displayed in the Portal
- Agent ID
- Agent Version
- Last Checkin Time
- Last Time Data Seen
- Backlog Bytes
- The agent starts earlier in the boot process to capture early activity and telemetry.
- Note: File hashing (MD5, SHA256) is still temporarily disabled as we work on a fix (see prior release)
- Relative paths were recorded (./example) instead of absolute paths (/usr/bin/example).
- Missing parent process details for cases involving pid namespaces or missing audit context.
- Process start times were incorrect for systems with more or less than 4 logical CPUs.
- Missing network connection telemetry for applications that utilize the 32-bit `socketcall` syscall
- Missing process telemetry for applications that utilize the `execveat` syscall.
- Premature recording of process exits for cases where exit() is utilized in a multi-threaded process
(exit() in a multi-threaded process only indicates the ending of a thread).
- In rare cases, the agent would read an unusable local resolver configuration, resulting in the agent believing there was no internet connectivity when there was. As a result, telemetry would continue to be locally spooled onto disk, until the agent or system was restarted.
- When network connectivity was unavailable for a significant amount of time, the number of spooled uploads would accumulate and would rapidly be read, deleted, and re-written repeatedly until connectivity returned.
- Improved process lineage by utilizing both the fork observation time as well as the process start time, in cases where they are slightly different.
- Red Hat Enterprise Linux distributions (6, 7, 8) opted into agent safe-mode as a result of an error in parsing OS version details.
- In rare cases, an error would occur when consuming telemetry from the audit netlink socket, resulting in the agent going into safe-mode for 5 minutes.