Releases: threathunters-io/laurel
Release v0.6.2
Maintenance release:
- Change in filtering behavior: Keep first event for new processes (configurable)
- Small bug fixes
- SELinux policy fixes, thanks to @comawill
- Bump MSRV to 1.70
- Update dependency versions
Release v0.6.1
Mostly a bugfix release
- Fix signal handling, especially SIGHUP
- Fix serialization for node names
- Perform user-groups enrichment independently of other userdb lookups
- Update syscall table
Release v0.6.0
Notable changes:
- Add UID_GROUPS enrichment for secondary group memberships
- Remove deprecated PARENT_INFO sub-structure
- Config marker that is written to Syslog
- Slight output performance improvements
- Internals: Refactor, simplify data structures
- Fixes for non-standard architectures (32bit, big-endian), thanks to Debian
- Minor fixes (parser, block device number handling)
Release v0.5.6
- Improvements in enrichment of data from short-lived processes
- New regular-expression-based filter for raw audit lines
- Various minor parser bug fixes
- Fixes in "drop-raw" behavior
- Fixes in documentation and example config file
Release v0.5.5
No new features, "just" a bugfix release.
- Ensure that internal process identifiers in shadow process table are unique
- small config parser improvement
Release v0.5.4
Notable features
- more reliable process tracking
- slight performance improvements
- an option to drop numeric UID, GID values
- various debugging options.
Release v0.5.3
Release 0.5.3
Release v0.5.2
- Add null key filter
- Fix process tracking for programs that fork without exec (e.g. shells)
- Add setup option to run laurel in a container on immutable container distros such as CoreOS
- Provide container image
Release v0.5.2-pre1
- Fix for handling some multi-message events
- Error message improvements
- Adopt quasi-standard `log` crate
- Fix/workaround for mishandled SCRIPT detection
- connect socket support
Release v0.5.1
- Re-introduce optional/deprecated PARENT_INFO record
- Add configuration options to remove labels from processes
- Rewrite bulk of the documentation: provide it as proper UNIX manual pages