Capsule8 Docs

Versions 3.0.0-3.0.2

What’s New

  • More context for alerts: introducing Capsule8 Investigations, which provides metadata on system events that led up to an alert being triggered. Learn more about Investigations here.
  • Alerts wherever you want them, from Slack to PagerDuty to stone tablets: we’ve added support for webhooks, Kafka, and several output formats.
  • A more reliable read on your detection performance and what “normal” looks like, by adding benchmarks for detection policies to our analytics.
  • Expanded container visibility. Our sensor now works with Kubernetes’ Container Runtime Interface (CRI).
  • Shiny new malware detection: we’ve added the most recent YARA version 3.10.

Performance Improvements

  • Your memory is precious; analytics baselining now uses less of it.
  • We’ve improved accuracy, as baselining now holds onto credential information for all threads.

Bug Fixes

  • The sensor was missing mount information when new containers were created, which it also needed to properly detect non-whitelisted files executing in containers. Both of these now work!
  • You may have noticed some undead containers lurching around. The “kill container” response action now, as the name would imply, kills the container.
  • Debugging just became easier: database errors from the console are now logged.
  • And we’ve saved the debugging for actual bugs; we were logging some debug messages that you didn’t even need.
  • Baselining was occasionally triggering an invalid memory address error. We’ve addressed this issue (pun intended).
  • RHEL 6 & 7 users, we fixed the policy that detects when a non-whitelisted kernel module is loaded.
  • Fixed a memory bug that caused some alerts to not fire.
  • Mal-where? When a YARA signature fails to parse, our error message now shows which signature failed.