More context for alerts: introducing Capsule8 Investigations, which provides metadata on system events that led up to an alert being triggered. Learn more about Investigations here.
Alerts wherever you want them, from Slack to PagerDuty to stone tablets: we’ve added support for webhooks, Kafka, and several output formats.
A more reliable read on your detection performance and what “normal” looks like: we’ve added benchmarks for detection policies to our analytics.
Expanded container visibility. Our sensor now works with Kubernetes’ Container Runtime Interface (CRI).
Shiny new malware detection: we’ve added the most recent YARA version 3.10.
Performance Improvements
Your memory is precious; analytics baselining now uses less of it.
We’ve improved accuracy, as baselining now holds onto credential information for all threads.
Bug Fixes
The sensor was missing mount information when new containers were created, and it needs that same information to properly detect non-whitelisted files executing in containers. Both of these now work!
You may have noticed some undead containers lurching around. The “kill container” response action now, as the name would imply, kills the container.
Debugging just became easier: database errors from the console are now logged.
And we’ve saved the debugging for actual bugs; we were logging some debug messages that you didn’t even need.
Baselining was occasionally triggering an invalid memory address error. We’ve addressed this issue (pun intended).
RHEL 6 and 7 users: we fixed the policy that detects when a non-whitelisted kernel module is loaded.
Fixed a memory bug that caused some alerts to not fire.
Mal-where? When a YARA signature fails to parse, our error message now shows which signature failed.