You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Added
Support for pluggable actions for policy engine
Support for asynchonous policy engine with thread pooling
Packaging in deb, rpm, and targz formats
Added 14 new MITRE TTP tagging rules
Added support for quiet logging mode
Added plugin builder image to support plugin development and releases
Changed
Added contextual sysflow structure, removed global cache and cache synchronization primitives; refactored handler interface
Changed cache keys to OID types
BREAKING Changed policy engine modes and action verbs (update policy yaml rule declarations to remove action attribute if used with alert or tag verbs)
alert and enrich are now policy engine modes, and action in policy rule declaration is now used for calling action handling plugins
Updated the short union strings from gogen-avro
Updated CI to automate packaging or release assets with release notes
Bump go version to go1.17.7
BREAKING Added support for architecture-dependent build (darwin, linux), due to changes in go 1.17 net package
Updated findings short description formatting and name convention
Fixed
Fixed cache coherence and race condition when updating the cache in the processor plugin; splits the processor plugin into two plugins, reader (which builds the cache) and processor (only reads from cache)
Fixed stream socket reader issue introduced with the upgrade to go 1.17
