Last update: 2022-05-12

Release Notes: Sensor 4.6.0


What's new

  • Want more control over your SIEM bills? It's now possible to limit the rate at which alerts are sent to SIEMs and logging systems

  • Alert failure metrics are now broken down by output and by failure type so you can better track and understand dispatch errors

Key Improvements

  • Introduced support for Linux kernel 5.10

  • Investigations users will now see improved performance when writing data

  • Lost file write event notifications are now reported in the coverage drop policy type

  • The retention policy for tracking open file events is now configurable

  • Users with custom ptrace policies can now add a policy filter on action type to reduce the number of alerts emitted

  • Extracting debugging information for support cases is now much more straightforward. See How to Gather Support Information

  • Unused memory is now returned to the kernel more efficiently so that other programs on the system can use it, reducing memory overhead

  • Introduced a new --preflight-only command line option that verifies a sensor's compatibility with the provided host system and configuration set

  • Network service policy types now observe much less data from the host system, improving performance

Notable bug fixes

  • The SELinux detection no longer reports unwanted activity when specific parts of the kernel address space are reused as part of legitimate

  • Resolved cases where the sensor could mistakenly retain information on exited processes and consume more memory than necessary

