| ### New Features | ||
| - We're extending macOS Endpoint Security to include File Integrity monitoring. Check out the new `es_process_file_events` table. ([#7579](https://github.com/osquery/osquery/pull/7579)) |
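Review bot: In the added New Features entry, "extending macOS Endpoint Security to include File Integrity monitoring" reads as if osquery changes Endpoint Security itself, and "File Integrity monitoring" is capitalized inconsistently. Suggest wording the entry around what the new `es_process_file_events` table reports on macOS, and replacing "We're ..." and "Check out ..." with a neutral description of the table.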
Suggest we word this as "Improved File Integrity Monitoring on macOS using EndpointSecurity with the addition of the new table es_process_file_events"
Where "improved" is "Faster" or "Improved performance" ... @sharvilshah might have a suggestion on what the primary user-benefit over OpenBSM is, besides the fact that OpenBSM is scheduled for deprecation
We never implemented OpenBSM-backed process_file_events table on macOS (partly because it's such a pain) -- the current process_file_events table is Linux/auditd only, so this ES-backed es_process_file_events is brand new on macOS :)
Ah, right! So the real new capability here is specifically that users can get process-context on file-events. On macOS, where previously they could only get those separately.
| [Git Commits](https://github.com/osquery/osquery/compare/5.3.0...5.4.0) | ||
| Representing commits from 15 contributors! Thank you all. | ||
If there were a one-liner that would fit in a tweet by our osquery account, what would it be? I suggest "osquery is moving to monthly releases! Version 5.4.0 adds faster file-event monitoring on macOS, a table for enumerating Windows Updates on your hosts, and fixes an AWS IMDSv2 connectivity regression in osquery 5.3" as these are all the big important things I think users should know.
> If there were a one-liner that would fit in a tweet by our osquery account, what would it be? I suggest "osquery is moving to monthly releases! Version 5.4.0 adds faster file-event monitoring on macOS, a table for enumerating Windows Updates on your hosts, and fixes an AWS IMDSv2 connectivity regression in osquery 5.3" as these are all the big important things I think users should know.

Just a small nit, the AWS fix is unrelated to IMDSv2 (which is specific to some tables). The fix was around AWS certificate verification which was impairing everything AWS related (but specifically issues were reported around the loggers toward AWS Kinesis/Firehose).
I don't think I want to advertise moving to monthly releases. Let's see if we can manage it first :laugh: