Release v1.5.4

Docker Image Tag 1.5.4-21043

Fixed

  • Audit telemetry: In Oracle kernels that deviate from mainline, handle hardlink events from filemod.

Changed

  • For filemod events, only hash files that are executables.

    • Previously, hashing filemod events for large files like logs would take an excessively long time. As a result, the watchdog misinterpreted the delay as a hang.

  • Improved memory efficiency by not waiting on DNS requests for incoming network connections.

    • Because incoming network connections do not trigger a DNS request, the sensor was unnecessarily filling its DNS cache with entries for these connections while expecting DNS information to eventually arrive for them.

  • eBPF Telemetry: Minimum supported mainline kernel for aarch64/arm64 is now 5.5+, updated from 5.8+.

Added

  • In the native telemetry, process start events now contain an additional field that marks the event as shell activity.

Hashes 

MD5

ff453209a2826cea19d85d783d3629d5  x86_64/cfsvcd
eaa66396890bf9a14bb47fde4a601fb2  x86_64/cwp-launch
6f18d0b88c1986fdb6101b8fce272672  aarch64/cfsvcd
a80c51c1b8af20d3eb176dd4e5095044  aarch64/cwp-launc

SHA256

405be30492ba61300be24381fbb5c5eccf8eabc66e45630f826a70b372244aec  x86_64/cfsvcd
ee71cb60ee7a993fde1f8e13ec23dcc1a8be6db02415f2fb0ec5b2f8650da488  x86_64/cwp-launch
3e0984352b3d9042ff4e932ea2295e29ff5587fcc302ebbb5c5659196afa58d7  aarch64/cfsvcd
bf6ac95ecc3ddbf44c52659a55c1dc0c80af56c05f94990eaddc0fa258c967fc  aarch64/cwp-launc