
2.3.0

@andrewkroh andrewkroh released this 04 May 16:18

Added

  • Add ECS mappings for more audit anomaly events. #70
  • Add the BacklogWaitTimeActual status field, which the kernel reports since Linux 5.9. #93
  • Add ECS normalizations for TIME_ADJNTPVAL and TIME_INJOFFSET. #98
  • Add support for exe filters in exclude rules (e.g. -a exclude,always -F exe=/bin/ls). #97

Changed

  • Update syscall, arches, and audit msg type tables for Linux 5.16. #96
  • Go 1.16 or newer is required because the project uses the embed package. #104
  • Fixed error messages from AddRule() in the audit client. #103

Removed

  • Removed support for resolving syscall numbers to names for the ia64 architecture. #96