
0.15.1

@mstemm mstemm released this 07 Jun 22:16
· 3491 commits to master since this release

Released 2019-06-07

Major Changes

  • Drop unnecessary events at the kernel level instead of userspace, which should improve performance [#635]

Minor Changes

  • Add instructions for k8s audit support in >= 1.13 [#608]

  • Fix security issues reported by GitHub on Anchore integration [#592]

  • Several docs/readme improvements [#620] [#616] [#631] [#639] [#642]

  • Better tracking of rule counts per ruleset [#645]

Bug Fixes

  • Handle rule patterns that are invalid regexes [#636]

  • Fix kernel module builds on newer kernels [#646] [#sysdig/1413]

Rule Changes

  • New rule Launch Remote File Copy Tools in Container, which could be used to identify exfiltration attacks [#600]

  • New rule Create Symlink Over Sensitive Files, which can help detect attacks like [CVE-2018-15664] [#613] [#637]

  • Let etcd-manager write to /etc/hosts. [#613]

  • Let additional processes spawned by google-accounts-daemon access sensitive files [#593]

  • Add Sematext Monitoring & Logging agents to trusted k8s containers [#594]

  • Add additional coverage for Netcat Remote Code Execution in Container rule. [#617]

  • Fix egrep typo. [#617]

  • Allow Ansible to run using Python 3 [#625]

  • Additional Write below etc exceptions for nginx, rancher [#637] [#648] [#652]

  • Add rules for running with IBM Cloud Kubernetes Service [#634]