Last update: 2022-05-12

Release Notes: Sensor 4.5.0

4.5.0

What's new

  • Running SuSE or OpenSuSE? Packages are now available for both distributions
  • Detection of unwanted BPF Programs is now more tightly scoped to cover only potentially dangerous actions and has much better performance on systems running other BPF-enabled monitoring agents
  • You can now filter Investigations data before it's transferred to a durable store off-host to avoid leaking sensitive data
  • Telemetry clients can now specify a list of PIDs and TGIDs to filter in their subscriptions

Key improvements

  • The Spectre/Meltdown detection now disables itself automatically in virtualized environments where hardware performance counters are unavailable
  • The Processor-Level Protections Disabled detection now disables itself automatically on host kernels where this feature is inaccessible
  • Customers with file detections enabled will experience improved performance
  • File descriptor resource limit requirements are now appropriately validated on startup
  • You can now query the average delay of event processing via the metrics endpoint
  • Determination of whether or not a shell is considered interactive is now more accurate
  • Improved performance and memory usage of basic process state tracking
  • Using program allowlists? You'll now experience improved performance and reduced event drops for allowlisted programs that perform frequent events, which are now filtered in the kernel
  • Kernel support data is now bundled for version 5.9 Linux kernels
  • The Cloud Metadata API Accessed detection now has lower CPU overhead
  • When a kernel supports BTF, you will experience reduced memory usage by the sensor
  • The sensor now prints an error message when its configuration files are world-readable or world-writable to avoid accidental leaks of authentication keys and policy configuration

Bug fixes

  • The CmdLine process information field is now usable within alert templates
  • Capabilities are now properly set during installation on old userlands
  • Fixed cases of missing credentials when an alert is emitted after process events are lost
  • Exits of network services are now properly tracked
  • Unprivileged users can no longer customize where the sensor reads its configuration from
  • Alert templates containing Parent and CurrentWorkingDirectory references now function as they did in version 4.3

Breaking changes

  • The sensor now refuses to start on outdated, unsupported kernels
  • The legacy NATS and Go Micro-based protocol has been retired
  • Conflicting configurations for alert outputs are now rejected