New:

• cmdReporter will now automatically rate-limit log events that repeat within a small time frame.
• Added new "RATE_LIMIT_END_EVENT" that will detail which event was rate limited and how many times it occurred.
• Execution chain events now have a field (exec_chain.thread_uuid) with a UUID that is constant throughout the execution chain to make correlating events easier.
• Unified log events are now streamed to cmdReporter instead of collected on an interval.
• Added ability to send directly to a Splunk HTTPS event collector without the need for a Splunk universal forwarder.
• Added AWS Kinesis as a remote logging destination.
• New, more robust methods for collecting file system events with file descriptor, inode location, and more low-level information for forensic analysis.

Improvements

• Minor performance improvements and bug fixing.
• Added better logic to verbose log event filters.
• Improved logic to link parent and child processes.
• LogRemoteEndpointType preference key values are no longer case-sensitive.
• Improved connection logic for Syslog protocol remote logging.
• Improved connection logic for raw TLS port remote logging.
• Fixed minor bugs with cmdReporter -T command line output.
• Improved error logging for all cmdReporter functions and processes.

New Log Event Types

• RATE_LIMIT_END_EVENT

New Fields

• exec_chain.thread_uuid