Last update: 2022-06-28

Release Notes Content 4.10.0

New features

  • Sudoers File Modified: Enhanced detection of modifications to the sudoers file.
  • New Script Executed, New Script Executed in Container: Enhanced detection of new scripts being executed, complementary to new files being executed.
  • Kernel ROP: Core detection of kernel return-oriented programming (ROP), which can be used as part of a kernel exploit.
  • Unprivileged Unshare: Enhanced detection of non-root programs creating new namespaces, which can be used as part of kernel exploits.
  • Coverage Drop Detected: Audit-level notifications when a drop in coverage is detected due to high system load.

Improvements

  • Fixes potential false positives in the Remote Access Tool Download policy.