Using Prometheus for your metrics collection? You can now forward agent health metrics to a push gateway
Preserve confidentiality in your investigations storage by redacting sensitive data via the new ability to discard sensitive fields
VMWare vSphere users can now important node UUID as metadata
Save time when installing Capsule8 with a new, simplified script that installs the sensor and default detections, sets up standard configurations, and optionally pairs with a console instance
Key Improvements
Using newer kernels? You can now deploy Capsule8 on Linux kernels 5.7 and 5.8
It’s good security hygiene to only allow signed packages and images in production environments. That’s why our Debian and RPM packages are now signed
Improved system performance when handling telemetry samples under heavy load and resource limitation
Improved performance of event processing, alert processing, and sensor heartbeats
Improved performance with workloads that change working directory frequently
Remote configuration features via the console are now limited to configuration of detection policy only
You can now configure the Prometheus monitoring port bind address where the sensor’s operational metrics are published
If you try to use deprecated alert output configuration options, you will now receive a warning message
Alerts now report which version of detection content is installed
You will now receive more explicit errors when SELinux and AppArmor detections are enabled on hosts where these Linux Security Modules are not present
Error messages for kprobe dmesg are now minimized on modern kernels with functions marked as “notrace”
Added dynamic enabling of debug endpoints
The privilegeEscalation policy type has been renamed to UnauthorizedKernelCredentialChange to more accurately reflect the nature of the event
Improved performance when interactive shell detections are enabled
Improved performance when connection policies are enabled
The sensor now supports a complete set of container events on Docker 19.0
You can now disable inotify-based write tracking to avoid overhead
When investigations is disabled, you will now experienced reduced overhead of container and lost events
Investigations streaming JSON format now includes a field describing each event record
Failure to flush investigations data is now reported as lost data
Bug Fixes
Fixed extended container metadata not showing in alerts in some circumstances
Error handling of absent telemetry collection mechanisms is now non-fatal if the telemetry type is not used by any enabled detections
Fix leak of kretprobes on kernel versions 5.6 and later when the sensor is uncleanly shut down
Fix crash resulting from specific edge-case data loss scenarios
Systemd unit file now specifies cgroup delegation to properly support cgroup migration when systemd reloads
Comments
0 comments
Please sign in to leave a comment.