Osquery 3.3.2.68 : Release Details

Uptycs is excited to announce Osquery release 3.3.2.68, released Apr 09, 2020.


Key improvements / issues addressed in this release:


Memory and CPU utilization optimizations on Linux:

This release includes several improvements focused on memory and CPU utilization on Linux endpoints, increasing the efficiency of server workload data collection and analysis.


Carving Support:
File carving is available in this release, implemented on top of the carves table. Users can execute a query to carve file(s) from asset(s). Up to 50 MB of file data can be carved from a given asset.


Bug Fixes:


ENG-6898: Support for Certificate table on Linux

ENG-6748: Correction to logged_in_user table return data.

ENG-7287: Fix port parsing in HTTP events

ENG-6980: Check for and remove whitespace at the end of the cmdline column value.


Other notable features / improvements:


Expanded shell_history table to include fish shell history

Added binary_type and arch columns to the apps table, to list 32/64-bit applications on Darwin

Ability to blacklist tables for real-time queries via command-line arguments passed to osqueryd

Ability to write Osquery log data to the filesystem using the file logger.


Uptycs support team