Git Commits
New Features
- Initial implementations for BPF-based socket and process events tables (#6571)
- Support EC2 tables on Windows (#6756)
Under the Hood improvements
- BPF: Add container support to fork/vfork/clone (#6721)
- BPF: Additional improvements on the initial implementation (#6717)
- BPF: Fix the tests (#6783)
- BPF: Fix wrong d_type compare in filesystem classes (#6774)
- BPF: Implement additional syscalls to track file descriptor usage (#6723)
- Remove unused LTCG flag (#6769)
- Support TLS client certificate chains (#6753)
- Refactor carver to use the Scheduler (#6671)
- Add configuration flag to disable file_events by default (#6663)
- libs: Build x86_64 configurations on Ubuntu 14.04 (#6687)
- libs: Port the RocksDB Win7 compatibility patch to the MSBuild generator (#6765)
- libs: Update BPF libraries to support LLVM 11 (#6775)
- libs: Update RocksDB to version 6.14.5 (#6759)
- libs: Update bzip2 to version 1.0.8 (#6786)
- libs: Update ebpfpub to latest version (#6757)
- libs: Update sqlite to version 3.34.0 (#6804)
- libs: update aws-sdk to 1.7.230 (#6749)
- Adding support for pretty-printing JSON results in osqueryi (#6695)
Table Changes
- Add Yandex Browser support for chrome_extensions (#6735)
- Add additional file stat flags to Darwin (bsd_flags) (#6699)
- Add extended_attributes table to Linux, add support for Linux capabilities (#6195)
- Add indexed column support to Windows users table (#6782)
- Enable AWS Instance profile as credential provider on Windows (#6754)
- Add systemd support for startup_items on Linux (#6562)
Bug Fixes
- Do not use memset on VirtualTable, a non-POD type (#6760)
- Fix deadlock when registering two extensions (#6745)
- Fix last_connected column in wifi_networks on Catalina (#6669)
- Fix missing negations, duplicate rows in iptables table (#6713)
- Fix shadow table to detect empty passwords (#6696)
- Free memory allocated by ConvertStringSidToSid (#6714)
- PackageIdentifiers are optional in InstallHistory.plist (#6767)
- Removing PUNYCODE flag from windows string conversions (#6730)
- Fix memory leak in the dbus classes (#6773)
- Change the kernel_modules size column type to BIGINT (#6712)
Documentation
- Add a README.md to source-based libraries (#6686)
- Fix spelling typos (#6705)
- Journald Audit Logs Masking Documentation (#6748)
Build
- CI: Provide built packages as Azure artifacts (#6772)
- CI: Python installation improvements on Windows (#6764)
- CI: Update brew scripts (#6794)
- CMake: Disable BPF support if the LLVM libs are not compatible (#6746)
- CMake: Use CPACK_RPM_PACKAGE_RELEASE (#6805)
- CMake: Add max version limit to 3.18.0 on Linux (#6801)
- Change urls for submodules gpg-error, libgcrypt, libcap (#6768)
- Reduce linkage requirements for tests (#6715)
- Remove a Buck leftover (#6799)
- Remove boost workaround introduced in #5591 for string_view (#6771)
- Tests: Fix tests on Catalina (#6704)
- Update cmake_minimum_required to 3.17.5 and pin version in CI (#6770)
- build: Fix Windows build on newer MSVC (#6732)
- extensions: Always compile examples to prevent them from breaking (#6747)
Security Issues
Packs
- Updated unwanted-chrome-extensions (#6720)
- Restrict the usb_devices pack to Posix (#6739)
- Add Reptile rootkit to ossec-rootkit pack (#6703)