cmdReporter Wiki

2.2 - May 2019

New Features:

  • Remote endpoint logging over network
    • cmdReporter can now log directly to log aggregation servers
  • Kafka remote endpoint logging (Public Beta)
  • Logstash and REST API remote endpoint logging (Public Beta)
  • Spool remote endpoint logs to a special log file when the network is unavailable and retry on an interval
  • Process parent/child mapping fields in exec events
    "parent_pid": 1105,
    "parent_uuid": "82044823-FD77-4553-919A-58B368E106A5",
    "uuid": "BABA5C42-2963-4F28-83A4-8C0DD7DFD96F"
  • Return and Arguments text fully parsed into field mappings
  • Logic changed for <key>AuditEventExcludedProcesses</key>: entries now match only the full path of the process, with no regex interpretation
  • Verbose events logging preference added to enable/disable cmdReporter's smart logging filters
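
An added example (not cmdReporter code or documentation) of using the parent/child mapping fields listed above to rebuild process ancestry from exec events. Only "uuid", "parent_uuid" and "parent_pid" come from these release notes; the one-JSON-object-per-line layout, the "pid" and "path" fields, and all sample values are constructed assumptions, as is the premise that a uuid identifies a single process instance.

```python
import json

# Constructed sample exec events, one JSON object per line (assumed layout).
# "uuid", "parent_uuid" and "parent_pid" are from the release notes;
# "pid", "path" and every value below are made up for illustration.
SAMPLE_LOG = """\
{"uuid": "U-0001", "parent_uuid": "U-0000", "parent_pid": 1, "pid": 1105, "path": "/usr/sbin/sshd"}
{"uuid": "U-0002", "parent_uuid": "U-0001", "parent_pid": 1105, "pid": 1200, "path": "/bin/zsh"}
{"uuid": "U-0003", "parent_uuid": "U-0000", "parent_pid": 1, "pid": 1105, "path": "/usr/sbin/cron"}
{"uuid": "U-0004", "parent_uuid": "U-0003", "parent_pid": 1105, "pid": 1300, "path": "/bin/sh"}
{"uuid": "U-0005", "parent_uuid": "U-0004", "parent_pid": 1300, "pid": 1301, "path": "/usr/bin/curl"}
{"uuid": "U-0006", "parent_uuid": truncated
"""


def index_events(text):
    """Map uuid -> event, skipping lines that are not valid JSON objects."""
    by_uuid = {}
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. a line cut off mid-write
        if isinstance(event, dict) and "uuid" in event:
            by_uuid[event["uuid"]] = event
    return by_uuid


def ancestry(by_uuid, uuid):
    """Paths from a process up to its oldest logged ancestor."""
    chain, seen = [], set()
    while uuid in by_uuid and uuid not in seen:  # stop at unlogged parent or loop
        seen.add(uuid)
        chain.append(by_uuid[uuid].get("path", "?"))
        uuid = by_uuid[uuid].get("parent_uuid")
    return chain


def parents_by_pid(by_uuid, child_uuid):
    """Every logged process whose pid equals the child's parent_pid."""
    ppid = by_uuid[child_uuid].get("parent_pid")
    return sorted(u for u, e in by_uuid.items() if e.get("pid") == ppid)


if __name__ == "__main__":
    events = index_events(SAMPLE_LOG)
    print(" <- ".join(ancestry(events, "U-0005")))
    print("pid join candidates for U-0004:", parents_by_pid(events, "U-0004"))
```

Because the constructed sample reuses pid 1105, joining on parent_pid alone yields two candidate parents for U-0004, while following parent_uuid gives a single chain.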

Bug Fixes:

  • Resolved preferences caching issue: In rare cases preferences were cached too long
  • Optimized events and event fields
  • Added version information to cmdReporter -T output
  • Tokenwatcher checks backed off to every 30 seconds to resolve duplicate check errors

New Preference Keys:


<!-- # General Endpoint Logging -->

<!-- # REST-specific -->

<!-- # Kafka-specific -->
