Osquery Release notes - Release

This osquery release includes the following features, enhancements, and bug fixes:

  • Added a new table, docker_container_envs, that exposes Docker container environment variables.

  • The curl table now returns certificates even if the TLS handshake does not complete.

  • The disk_scan and disk_scan_events tables are now available for all platforms.

  • The osquery file table can now search file names using the MFT on Windows.

  • Three new wifi tables for Windows:

    • wifi_status
    • wifi_networks
    • wifi_survey

  • Added the startup_security table for M1 Macs.

  • Added the osquery_memory trackers for Protect Process and DNS events.

  • Added sub-second timestamps for audit and eBPF-based events on Linux.

  • New generic checks for permissions and ownership of any file in Kubernetes.

  • Implemented new generic checks for command line arguments of Kubernetes components such as kube-apiserver.