- cmdReporter will now automatically rate-limit log events that repeat within a small time frame.
- Added new "RATE_LIMIT_END_EVENT" that will detail which event was rate limited and how many times it occurred.
- Execution chain events now have a field (exec_chain.thread_uuid) with a UUID that is constant throughout the execution chain to make correlating events easier.
- Unified log events are now streamed to cmdReporter instead of collected on an interval.
- Added ability to send directly to a Splunk HTTPS event collector without the need for a Splunk universal forwarder.
- Added AWS Kinesis as a remote logging destination.
- New, more robust methods for collecting file system events with file descriptor, inode location, and more low-level information for forensic analysis.
- Minor performance improvements and bug fixing.
- Added better logic to verbose log event filters.
- Improved logic to link parent and child processes.
- LogRemoteEndpointType preference key values are no longer case-sensitive.
- Improved connection logic for Syslog protocol remote logging
- Improved connection logic for raw TLS port remote logging.
- Fixed minor bugs with cmdReporter -T command line output.
- Improved error logging for all cmdReporter functions and processes.
New Log Event Types