The following features and enhancements have been added:

• Fix for the unwanted filesystem access by SQLite ATTACH.
• Remote/local option support for the user_groups table.
• Fix for vulnerability scanning.
• Fix for CIS caching issue.
• Support to enumerate user_account_control in the windows_security_center table for all sessions.
• Enhanced the system_info table to get the cpu_type and hardware_version information from Windows assets.
• Support to enumerate all video drivers in the video_info table from Windows assets.
• Support for incremental threat indicator updates.
• Support to pass a query via flag profile which can run on every enrollment and send information to the cloud.
• Enhanced threat indicator and compliance file handling.
• Support for EC2 tables on AWS Windows instances.
• Support to define additional headers to be sent to cloud from osquery.
• Enhanced accuracy for FIM path filtering.
• CIS enhancements and fixes.
• Added support for non-privileged (AWS Fargate) container process events.
• Added the ability to get flags/secrets from SecretsManager/SSM Param store.
• Added container support to the file table.
• Enhanced user ability to query the osquery_tail table to get file content from any file in the osquery install_path/log directory, where:
  • Filename starts with osqueryd, and
  • File extension is .log.
• Added regex support to osquery real-time queries.
• Added a new raw Augeas lens.
• Enhancement to customize the key (-k option) while creating an audit rule.
• A new table vulnerabilities added for the osquery client-side vulnerability scanning.
• Added container support for additional tables.
• Added a counter for excluded events by event exclude profile.
• Support for eBPF-based user events.
• Support for file_accesses (eBPF-based) to report 'open/openat events from Linux and Mac' and 'read events from Windows'.
• Support for tracking the worker restarts in diag stats.
• Added container support for the shell_history table.