cmdReporter Wiki

3.2 November 2019

New

  • cmdReporter will now automatically rate-limit log events that repeat within a small time frame.
  • Added new "RATE_LIMIT_END_EVENT" that will detail which event was rate limited and how many times it occurred.
  • Execution chain events now have a field (exec_chain.thread_uuid) with a UUID that is constant throughout the execution chain to make correlating events easier.
  • Unified log events are now streamed to cmdReporter instead of collected on an interval.
  • Added ability to send directly to a Splunk HTTPS event collector without the need for a Splunk universal forwarder.
  • Added AWS Kinesis as a remote logging destination.
  • New, more robust methods for collecting file system events with file descriptor, inode location, and more low-level information for forensic analysis.
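
As an added example (not cmdReporter's own code; the event schema, field names other than exec_chain.thread_uuid and RATE_LIMIT_END_EVENT, and the sample events are assumptions), a log consumer that regroups events into execution chains by thread_uuid and credits each RATE_LIMIT_END_EVENT's count back to the event type it suppressed, so rate limiting does not distort per-host counts:

```python
from collections import defaultdict

# Constructed sample stream. The flat "event_type", the nested
# exec_chain.thread_uuid and the rate_limited_event/count fields on the
# RATE_LIMIT_END_EVENT are assumed for this example, not the documented
# cmdReporter format; event names are BSM-style placeholders.
SAMPLE_EVENTS = [
    {"event_type": "AUE_EXECVE", "exec_chain": {"thread_uuid": "chain-1"}, "path": "/bin/sh"},
    {"event_type": "AUE_EXECVE", "exec_chain": {"thread_uuid": "chain-1"}, "path": "/usr/bin/curl"},
    {"event_type": "AUE_OPEN_R", "exec_chain": {"thread_uuid": "chain-1"}, "path": "/etc/hosts"},
    {"event_type": "RATE_LIMIT_END_EVENT", "exec_chain": {"thread_uuid": "chain-1"},
     "rate_limited_event": "AUE_OPEN_R", "count": 41},
    {"event_type": "AUE_EXECVE", "exec_chain": {"thread_uuid": "chain-2"}, "path": "/usr/bin/python3"},
    {"event_type": "AUE_OPEN_R", "path": "/tmp/x"},  # event without chain information
]


def thread_uuid(event):
    """Return the execution-chain correlation id, or None if the event has none."""
    return event.get("exec_chain", {}).get("thread_uuid")


def count_by_chain(events):
    """Count event types per execution chain.

    A RATE_LIMIT_END_EVENT is not counted as an event of its own; its count is
    credited to the event type it reports as rate limited. The count is read
    as suppressed occurrences beyond the ones already emitted (an assumption).
    """
    counts = defaultdict(lambda: defaultdict(int))
    for ev in events:
        key = thread_uuid(ev) or "<no-chain>"
        if ev["event_type"] == "RATE_LIMIT_END_EVENT":
            counts[key][ev["rate_limited_event"]] += ev["count"]
        else:
            counts[key][ev["event_type"]] += 1
    return {k: dict(v) for k, v in counts.items()}


def exec_paths_by_chain(events):
    """Executed paths of each chain in stream order: the parent/child
    sequence that a constant thread_uuid lets an analyst reconstruct."""
    chains = defaultdict(list)
    for ev in events:
        if ev["event_type"] == "AUE_EXECVE" and thread_uuid(ev):
            chains[thread_uuid(ev)].append(ev["path"])
    return dict(chains)
```

Feed real events in instead of SAMPLE_EVENTS once you have confirmed the field names your cmdReporter build emits; the grouping and count-folding logic does not depend on the sample values.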

Improvements

  • Minor performance improvements and bug fixing.
  • Added better logic to verbose log event filters.
  • Improved logic to link parent and child processes.
  • LogRemoteEndpointType preference key values are no longer case-sensitive.
  • Improved connection logic for Syslog protocol remote logging.
  • Improved connection logic for raw TLS port remote logging.
  • Fixed minor bugs with cmdReporter -T command line output.
  • Improved error logging for all cmdReporter functions and processes.

New Log Event Types

  • RATE_LIMIT_END_EVENT

New Fields

  • exec_chain.thread_uuid
