4.6.0
What's New
- Want more control over your SIEM bills? It’s now possible to limit the rate at which alerts are sent to SIEMs, logging systems, and the Capsule8 console
- Alert failure metrics are now broken down by output and by failure type so you can better track and understand dispatch errors
Key Improvements
- Introduced support for Linux kernel 5.10
- Investigations users will now experience upgraded performance when writing data
- Lost file write event notifications are now reported in the coverage drop policy type
- The retention policy for tracking open file events is now configurable
- Users with custom ptrace policies can now add a policy filter on action type to reduce the number of alerts emitted
- Extracting debugging information for support cases is now much more straightforward (see How to Gather Support Information)
- Unused memory is now more efficiently returned to the kernel for other programs on the system to use, improving memory overhead
- Introduced a new --preflight-only command line option that verifies a sensor’s compatibility with the provided host system and configuration set
- Network service policy types now observe much less data from the host system, improving performance
Notable Bug Fixes
- The SELinux detection no longer reports unwanted activity when specific parts of the kernel address space are reused as part of legitimate
- Resolved cases where the sensor could mistakenly retain information on exited processes and consume more memory than necessary