The "List" editor in the Policy UI has been simplified. Lists specific to policies may now be found and edited within that policy's details.
Enhanced detections, Custom detections, Investigations, and Audit alerts are not available by default. Talk to your Capsule8 representative if you need these features.
We've added support for storing investigations data in bigquery. Talk to your Capsule8 representative if you need this feature.
The Resources page now contains tabs for “Connected” and “Disconnected” resources. Disconnected resources are those that have not communicated with the sensor within the past 125 minutes.
A new “Delete History Logs” configuration has been added to the Global Settings page. It is disabled by default. If enabled, you can specify the retention policy of the data populating the History page.
Events are now referred to as Alerts for clarity.
Performance has been improved on deployments using the ‘policy input’ feature.
Various security improvements have been added.
To mitigate a hardcoded password risk, users who have never changed their admin password are now required to set a new one with console.default_admin_password. If the password remains default, and this configuration is omitted, the console will fail to start. This configuration can and should be removed after a successful admin login.
An optional console.csrf_auth_key configuration has been added. If multiple consoles are set up in a load balanced configuration, all consoles must be configured with an identical console.csrf_auth_key set to a 64 character string. If you only have one console, you can leave this unset and it will default to a random string.
console.postgres_max_open_connections has been added. This governs the maximum connections the console will attempt to make to Postgres and defaults to 90. If you are hosting your own Postgres, this configuration value must be smaller than the result of the query `SHOW max_connections;`
By default, the console now includes an embedded version of detection content. If you require a different version of these detections, you may install a capsule8-content package of your choice on your console’s machine, or set console.content_path to an appropriate file path.
The quick install dialog now, by default, chooses a sensor version that matches the Capsule8 Content version visible on the detections page. You can override this default by setting console.quick_install_sensor_version to e.g. “4.5.0”.
The Console now serves detections to sensors by default. Note that the sensors must still be configured before they request detections from the Console. If you are not using the console to configure your sensors’ detections, you can disable this behavior by setting console.policy_config_enabled to “false”.
The console.address configuration is now deprecated. We will continue to support it for the near future but advise updating it to console.listen_address.
The console.api_url configuration has been added. It defaults to be the same as console.frontend. Most users should leave this unset; it is provided to handle the scenario where sensors and browsers use different URL’s to connect to the console.
Fixed a scenario where Audit alerts didn’t load properly.
uprobe and kprobe policies were disabled for security reasons.
The search filter bar on the User/Roles page was removed for security reasons.