Osquery Release Notes-Older releases
- Depreciated the docker_host table.
- Added a filter in HTTP events to exclude internal traffic.
- Enhanced the shell_history table to include fisshell history.
- Added binary_type and arch columns in apps table to distinguish between 32 & 64-bit applications in Mac.
- Added 'signed' and 'identifier' details to the process_events table.
- Added the enable_curl flag to enable cURL, and it is disabled by default.
- Added the audit_eoe_record_timeout flag to improve audit events handling. Customize this flag to set a duration (in seconds) for audit End of Event (EoE) records, which determines the wait period to send events data to the cloud. The default value is zero. Hence, by default, osquery will not wait for EoE records before sending data to the cloud.
- Added a fix for the default event rule 'Process without on disk file' to avoid additional processing inside a container.