- More context for alerts: introducing Capsule8 Investigations, which provides metadata on system events that led up to an alert being triggered. Learn more about Investigations here.
- Alerts wherever you want them, from Slack to PagerDuty to stone tablets: we’ve added support for webhooks, Kafka, and several output formats.
- A more reliable read on your detection performance and what “normal” looks like, by adding benchmarks for detection strategies to our analytics.
- Expanded container visibility. Our sensor now works with Kubernetes’ Container Runtime Interface (CRI).
- Shiny new malware detection: we’ve added support for the most recent YARA release, version 3.10.
- Your memory is precious; analytics baselining now uses less of it.
- We’ve improved accuracy, as baselining now holds onto credential information for all threads.
- The sensor was missing mount information when new containers were created; that same information is also needed to properly detect non-whitelisted files executing in containers. Both now work!
- You may have noticed some undead containers lurching around. The “kill container” response action now, as the name would imply, kills the container.
- Debugging just became easier: database errors from the console are now logged.
- And we’ve saved the debugging for actual bugs; we were logging some debug messages that you didn’t even need.
- Baselining was occasionally triggering an invalid memory address error. We’ve addressed this issue (pun intended).
- RHEL 6 and 7 users: we fixed the strategy that detects when a non-whitelisted kernel module is loaded.
- Fixed a memory bug that caused some alerts to not fire.
- Mal-where? When a YARA signature fails to parse, our error message now shows which signature failed.
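To make the "non-whitelisted kernel module" strategy above concrete, here is an added example (not Capsule8's sensor code) that does the simplest version of that check from user space: parse two snapshots of `/proc/modules`, find modules that appeared between them, and alert on any that are not on an allowlist. The snapshots and the allowlist are constructed for the example. The caveat a practitioner should keep in mind is that a module which unlinks itself from the kernel's module list never shows up in `/proc/modules`, which is why a kernel-level sensor that observes the module-load path itself is a stronger signal than polling this file.

```python
"""Allowlist check for newly loaded kernel modules (added illustration, not Capsule8 code).

/proc/modules lines have the form:
    name size refcount dependencies state offset [taint-flags]
e.g. "libcrc32c 16384 1 xfs, Live 0xffffffffc09f0000"
"""

# Constructed snapshot taken before the event of interest.
BEFORE = """\
xfs 1234567 3 - Live 0xffffffffc0a00000
libcrc32c 16384 1 xfs, Live 0xffffffffc09f0000
overlay 135168 4 - Live 0xffffffffc0900000
"""

# Constructed snapshot taken afterwards: one expected module (br_netfilter)
# and one unexpected, out-of-tree, unsigned module (taint flags "(OE)").
AFTER = """\
mysterious_mod 16384 0 - Live 0xffffffffc0b00000 (OE)
xfs 1234567 3 - Live 0xffffffffc0a00000
libcrc32c 16384 1 xfs, Live 0xffffffffc09f0000
overlay 135168 4 - Live 0xffffffffc0900000
br_netfilter 28672 0 - Live 0xffffffffc0b10000
"""

# Hypothetical allowlist of modules an operator expects on this host.
ALLOWLIST = {"xfs", "libcrc32c", "overlay", "br_netfilter"}


def parse_proc_modules(text):
    """Parse /proc/modules text into {name: {size, refcount, deps, state, taint}}."""
    modules = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue  # blank or malformed line; skip rather than crash
        name, size, refcount, deps, state, _offset = fields[:6]
        taint = fields[6] if len(fields) > 6 else None
        modules[name] = {
            "size": int(size),
            "refcount": int(refcount),
            # "-" means no dependents; otherwise a trailing-comma list.
            "deps": [] if deps == "-" else [d for d in deps.split(",") if d],
            "state": state,
            "taint": taint,
        }
    return modules


def newly_loaded(before, after):
    """Module names present in `after` but not in `before` (sorted for stable output)."""
    return sorted(set(after) - set(before))


def detect(before_text, after_text, allowlist):
    """Return one alert dict per newly loaded module that is not on the allowlist."""
    before = parse_proc_modules(before_text)
    after = parse_proc_modules(after_text)
    alerts = []
    for name in newly_loaded(before, after):
        if name in allowlist:
            continue
        info = after[name]
        alerts.append({
            "module": name,
            "taint": info["taint"],
            "state": info["state"],
            "reason": "kernel module loaded that is not on the allowlist",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(BEFORE, AFTER, ALLOWLIST):
        print(alert)
```

Run as a script it prints a single alert for `mysterious_mod`; `br_netfilter` is new too but allowed, so it is silent. On a live host you would read `/proc/modules` for both snapshots instead of the constructed strings.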