Agent Release Changelog

Release Announcement

v1.6.5

Release date 8/10/2017

Enhanced

With the 1.6.5 release, we improved the:

  • Agent performance by using the Docker API for container identification
  • File system performance for agents using Docker integration
  • Container tracking across restarts of Docker daemon
  • Additional information for user and source IP pulled from 2FA login failure events
  • FIM event handling on CentOS 7
  • Logging for better problem diagnosis

Discontinued

Threat Stack will no longer support the Ubuntu 12.04 (precise) agent

Archived Agent Release Information

2017 Agent Releases

v1.6.4

Release 7/5/2017

  • CoreOS installer automatically configures Agent container support
  • Improved performance and reliability on Docker hosts with a large number of paused containers
  • Using the --force option with the CoreOS installer will no longer report "integer expression expected"
  • Additional cleanup, logging improvements and updates to internal libraries

v1.6.3

Release 6/12/2017

  • Support for CoreOS:
    • Agent has been qualified for CoreOS Stable v1353.8.0 and later
    • We ship an installer script for customers to facilitate installing the agent and its dependencies, as well as a systemd service configuration
    • README.md with additional information
  • Improved handling of deployment scenarios where the agent is started by the OS before being properly configured and registered
  • Improved handling of cases with large amounts of Docker container metadata
  • Performance improvements for Docker container support

v1.6.2

Release 3/30/2017

  • Improved connection handling and detection of connection issues to Threat Stack platform
  • Expanded the agent status check to allow customers to query whether the agent is sending data to the platform
  • Resolved an issue where agent installation would create files in /mnt/jenkins

v1.6.1

Release 3/9/2017

  • Improved support for authentication failures on CentOS 6 - user and source IP are now sent as discrete data available for alerting and searching

v1.6.0

Release 2/21/2017

  • Support for new Threat Stack Monitor and Investigate plans
  • Support for Docker 1.13.0
  • Resolved an issue where a Docker event could become unassociated with its originating container

v1.5.1

Release 1/23/2017

  • Major upgrade to agent core engine optimizing CPU utilization, memory consumption and providing additional security and stability enhancements

v1.5.0

Not publicly released

2016 Agent Releases

v1.4.14

Release 12/20/2016

  • Added support for Docker 1.12.4

v1.4.13

Release 10/18/2016

  • Added support for Docker 1.12

v1.4.12

Release 9/20/2016

  • Fixed an issue where using yum erase to remove the Threat Stack agent on a system without perl installed could cause issues with /etc/pam.d/sshd configuration
  • Added additional configuration options to drop specific kernel audit messages from raw audit log
  • Improved handling of group modification events for local accounts

v1.4.11

Release 7/28/2016

  • Added support for capturing authentication failures for Google Authenticator
  • Faster updating of File Integrity Monitoring (FIM) rules in the agent

v1.4.10

Release 7/12/2016

  • Additional Docker integration enhancements

v1.4.9

Release 6/20/2016

  • Updated Docker integration to reduce CPU load
  • Upgraded internal components for performance, reliability and security

v1.4.8

Release 5/17/2016

  • Resolved directory permissions issue on /opt/threatstack/etc
  • Resolved an issue where the tscontainersd sensor for Docker events could crash under certain circumstances on Amazon Linux
  • The agent now outputs its configuration parameters into a JSON-formatted file at /opt/threatstack/cloudsight/config/config.json. This lists all the variables that are configured with the agent and can be used to inspect agent state
  • Added a configuration option to output raw audit framework messages to a log file

v1.4.7

Not publicly released

v1.4.6

Release 4/28/2016

  • Improved efficiency in calling Docker APIs, resulting in lower CPU utilization
  • Better handling of Docker registry format changes to handle Docker 1.1x and greater
  • Improved login failure tracking to catch failed public key authentication attempts

v1.4.5

Release 3/28/2016

  • Stability and performance enhancements
  • Reduced occurrences of encoded process names, from deleted processes, showing up in Threat Stack UI

v1.4.4

Release 2/24/2016

  • Updated installed package scanning to better support Amazon Linux and Red Hat distributions
  • Enhanced login failure tracking to provide more information on attempts by users

v1.4.3

Release 2/17/2016

  • Resolved an issue where in certain circumstances FIM rule changes aren't pushed to the agent in a timely manner

v1.4.2

Release 2/16/2016

  • Added support for an upcoming feature for scanning locally installed packages for vulnerabilities
  • Additional improvements to our internal process control to reduce instances where we restart our sensors due to a system issue

v1.4.1

Release 1/11/2016

  • Resolved an issue where, under certain load circumstances, the agent could consume more CPU than necessary

v1.4.0

Release 1/4/2016

  • Improved upgrade performance
  • Logging kernel, distro, and Threat Stack server data
  • Ability for customers to redact process arguments
  • Additional information for FIM events

2015 Agent Releases

v1.3.5

Release 12/7/2015

  • Removed unused network features from the agent to reduce CPU and network load on the host system
  • Upgraded embedded node.js to v0.10.41

v1.3.4

Release 10/30/2015

  • Resolved an issue in v1.3.2 when starting the agent on Amazon Linux

v1.3.3

Not publicly released

v1.3.2

Release 10/29/2015

  • Includes host system information in cloudsight.log when the agent starts
  • Resolves an issue on Ubuntu 12.04 where the installer doesn’t properly configure login tracking
  • Fix for handling large Docker containers

v1.3.1

Release 10/5/2015

v1.2.4

Released 9/14/2015

  • Fixed another issue with process supervision

v1.2.3

Released 9/10/2015

  • Fixed an issue where our process supervisor was too aggressive with restarting agent components
  • Stability and performance improvements

v1.2.1

Released 7/22/2015

  • Improved support for Stacked Ruleset feature
  • File integrity rule exclusions no longer require a full path
  • Improved performance for systems under heavy network load 

v1.2.0

Released 6/30/2015

  • Support for an upcoming feature release to support multiple policies per agent
  • Added timestamps to log files
  • This is the last version of the agent that will be provided for 32-bit systems and for Ubuntu 10.04

v1.1.11

Released 5/20/2015

  • Fixed a bug where a user could not register an agent using a configuration file and the --config= runtime flag.

v1.1.10

Released 5/1/2015

  • Set hard package conflict on linux-image-3.13.0-51-generic - disallow the ability for the TS agent and that kernel to run together.  See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1450442 for more info
  • Update the post-install files to ensure the audit rules get loaded correctly on install and upgrade.

v1.1.9

Released 4/28/2015

  • Refactor and improve init script to include better pid file management
  • Include basic support for Debian 7.x - official packages will be available soon.

v1.1.7

Released 3/11/2015

  • Fix a race condition in which the tsfim process could start twice, causing the agent to fail to bind and fail startup
  • Ignore FIM events from Cloudsight agent.
  • Cache user lookups
  • Ensure when threatstack system user is created we explicitly set a false login shell.

v1.1.6

Released 3/2/2015

  • Add configuration option (cloudsight config disable_fim=1) to allow disabling file integrity monitoring on the agent.
  • Disable DNS resolution queries by default. (To enable use cloudsight config disable_dns_lookups=0)
  • Performance fixes related to reading tsaudit.log on restart.
  • With additional tuning we no longer need larger logs on nodes - reduced the max tsauditd.log size to 50MB

v1.1.4

Released 2/9/2015

  • Set tsaudit.log to roll at 100MB max log size.
  • Add better restart logic when tsaudit is idle
  • Fixed a few bugs related to DNS resolution that could contribute to high CPU and network usage.

v1.1.3

Released 1/19/2015

  • Send up internal IP addresses so the UI can display on the agents page (vs just sending external IP address)
  • Add a --hostname configuration flag, which at new agent registration allows the user to define the friendly name the agent will display in the UI. This defaults to the system's hostname when not set.

v1.1.2

Released 1/19/2015

  • Add memory stats to agent tracking for logging rss memory usage.
  • Update local logging to not include superfluous heartbeat logging messages.
  • Fix packaging to properly remove /opt/threatstack when uninstalling agent
  • Add a check to fail when ts_fanotifyLL_new init fails
  • Check for kernel version >= 2.6.37 to enable fanotify

v1.1.1

Released 1/15/2015

  • Fix and update various Info log messages to Debug.

v1.1.0

Released 1/14/2015

  • Updates to the agent to support Signed Apt and Yum repositories
  • Threat Stack Agent package name is now "threatstack-agent"
  • Updates to how the agent can be registered - now supports command line flags as well as path to a file with deploy key and policy name/ID.
  • Add tunable for disabling DNS resolution for network connections.
  • Removed sys_socket syscall as it's no longer required and can cause performance issues.
  • Numerous performance updates and improvements around File Integrity Monitoring and audit improvements

2014 Agent Releases

v1.0.24

Released 11/8/2014

  • Resolves an issue where agents running on Amazon EC2 instances may not properly register their instance-id, resulting in agent status not displaying properly