
2.4.0

@muffins muffins released this 06 Apr 23:02
· 2879 commits to master since this release

New features in 2.4.0:

Important changes

#3073 The Windows registry table was refactored to look and feel like the file table.
#3049 Distributed (ad-hoc) queries now support discovery queries.
#3087 & #3091 Improve events tables performance and protect against multiple queries overwriting sliding window optimizations.
#3100 Add globbing support to the Windows registry table.
#3120 Add the auid column to all Audit-based tables.
#3115 Add status logging to AWS-based logger plugins.

Bug fixes

#3065 Set a max size for RocksDB MANIFEST logs. This helps protect against very large transaction logs leading to massive on-disk files.
#3098 Fix crash when sanitizing REG_NONE types from Windows registry.
#3106 Return blank or NULL values for sha, md5 and sha256 when files cannot be hashed.
#3116 Fix potential deadlock with periodic database reset.
#3142 Fix reentry bug with our GLog logger sink leading to potential deadlocks.

Config options / CLI flags changes

--logger_min_status VALUE: Minimum level for status log recording (1=INFO, 2=WARNING, 3=ERROR)

Table changes (from 2.3.4 to 2.4.0):

Moved table startup_items from Darwin to All Platforms

Added table lldp_neighbors to POSIX-compatible Platforms
Added table python_packages to POSIX-compatible Platforms
Added column auid (BIGINT_TYPE) to table process_events
Added column auid (BIGINT_TYPE) to table socket_events
Added column auid (BIGINT_TYPE) to table user_events

Renamed table syslog to syslog_events on Ubuntu, CentOS (the alias syslog still exists)

Breaking Table API changes

Removed column hive (TEXT_TYPE) from table registry
Removed column subkey (TEXT_TYPE) from table registry
The hive and subkey columns have been combined into a path column.