This osquery release includes the following features, enhancements, and bug fixes:

• Added a new table docker_container_envs to include docker container environment variables.

• The curl table now returns certificates even if the TLS handshake does not complete.

• The disk_scan and disk_scan_events tables are now available for all platforms.

• The osquery file table to search file names using MFT for Windows.

• Three new wifi tables for Windows:

  • wifi_status
  • wifi_networks
  • wifi_survey

• Added the startup_security table for M1 Macs.

• Added the osquery_memory trackers for Protect Process and DNS events.

• Added sub-second timestamp for audit and ebpf-based events on Linux.

• New generic checks for permissions and ownership of any file in Kubernetes.
• Implemented new generic checks for command line arguments of Kubernetes components such as kube-apiserver.