AzureFS support for pulling profile data from Azure Blob Storage
Huge improvement to Windows pulsar performance for some users
nebula.fields function for reporting custom data to Splunk on a specific schedule
Support for /etc/hubble/hubble.d/*.conf for user config
pulsar.canary function for daily FIM event generation
Logstash returners!
New and improved Vulners CVE scanner that uses their more performant API
Cross-Platform
Added osqueryversion and osquerybinpath grains for reporting osquery information
Added code to nebula to prefer our bundled version of osqueryi
Added option to extract fields at index time for Splunk returners
Added nebula.fields function for reporting custom data to Splunk on a specific schedule
Added support for **kwargs passthrough to nova modules
Added support for /etc/hubble/hubble.d/*.conf for user config
Added pulsar.canary function for daily FIM event generation
Added Azure details fetching to Splunk returners (similar to AWS details)
Added support for a __JSONIFY__ prefix on osquery results that are JSON instead of Python data structures. This allows us to further process the data into Python data structures, which Splunk can then parse into columns.
Added Logstash returners
Added new Vulners CVE scanner
Added some misc.py functions in nova to support CoreOS and Amazon Linux CIS checks
Made the Splunk port configurable in the Splunk returners
New Dockerfiles for building pyinstaller packages
Added azurefs support
Windows
Improved performance of win_pulsar. Some users will see a substantial reduction in CPU usage during pulsar.process on Windows.
Many logic improvements and fixes to audit modules in Nova for Windows
Fixed upgrading via installer
2.2.1
Fixed a bug introduced in the Splunk returners (#142)
Add multiline matching to nova grep module's match_output by default (#148)