Skip to content

2.3.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 05 Jul 11:46
· 2 commits to main since this release
v2.3.0
6662a2a
This commit was signed with the committer’s verified signature.
rsmmr Robin Sommer
GPG key ID: D8187293B3FFE5D0
Learn about vigilant mode.

This release contains the following major changes:

  • Linux: Add eBPF-based processes_events and sockets_events
    tables. These remain experimental for now and may require further
    fine tuning.

  • macOS: Add processes_events and sockets_events tables. The
    former uses Endpoint Security, the latter a Network Extension.
    These remain experimental for now.

  • macOS: Add separate installer application and turn the agent into
    a system extension. The installer does three things: (1) it asks
    the system to install the extension persistently; (2) it interacts
    with the user through a small UI, including offering some basic
    configuration; and (3) it communicates with the running extension
    for configuration and status checks.

  • macOS: Distribute releases as pre-built DMG images that are signed and
    notarized.

  • Windows: Distribute releases as pre-built installer packages.

  • Windows: The build now uses vcpkg for dependencies.

  • Support attaching an interactive console to a running agent. To
    connect to an already running agent, execute zeek-agent -r on
    the same machine (note that client and server must be running as
    the same user, probably root).

  • Build without Broker by default. Broker support isn't needed
    anymore with Zeek >= 5.0. We now build without it by default. The
    pre-build binaries likewise no longer include Broker support.

For a detailed list of changes, see CHANGES.

Assets 6
Loading