Osquery Release Notes-Release 4.5

The following features and enhancements have been added:

  • Fixed unwanted filesystem access via SQLite ATTACH.
  • Remote/local option support for the user_groups table.
  • Fix for vulnerability scanning.
  • Fix for CIS caching issue.
  • Support to enumerate user_account_control in the windows_security_center table for all sessions.
  • Enhanced the system_info table to get the cpu_type and hardware_version information from Windows assets.
  • Support to enumerate all video drivers in the video_info table from Windows assets.
  • Support for incremental threat indicator updates.
  • Support for passing a query via the flag profile that runs on every enrollment and sends its results to the cloud.
  • Enhanced threat indicator and compliance file handling.
  • Support for EC2 tables on AWS Windows instances.
  • Support to define additional headers to be sent to cloud from osquery.
  • Enhanced accuracy for FIM path filtering.
  • CIS enhancements and fixes.
  • Added support for non-privileged (AWS Fargate) container process events.
  • Added the ability to get flags/secrets from SecretsManager/SSM Param store.
  • Added container support to the file table.
  • Enhanced the osquery_tail table so users can query the content of any file in the osquery install_path/log directory, where:
    • Filename starts with osqueryd, and
    • File extension is .log.
  • Added regex support to osquery real-time queries.
  • Added a new raw Augeas lens.
  • Enhancement to customize the key (-k option) while creating an audit rule.
  • Added a new vulnerabilities table for osquery client-side vulnerability scanning.
  • Added container support for additional tables.
  • Added a counter for excluded events by event exclude profile.
  • Support for eBPF-based user events.
  • Support for eBPF-based file_accesses, reporting open/openat events on Linux and Mac and read events on Windows.
  • Support for tracking the worker restarts in diag stats.
  • Added container support for the shell_history table.