Changelog

2.30.0 - 2024-11-28

New

Enhancement

  • Reuse of the http client for 3-4x increase of the throughput (PR#962 thanks to @alekmaus)
  • Improve outputs throughput handling (PR#966 thanks to @alekmaus)
  • Batching and gzip compression for the Elasticsearch output (PR#967 thanks to @alekmaus)
  • Use the same convention for the Prometheus metrics as Falco (PR#995)
  • Add APIKey for Elasticsearch output (PR#980 thanks to @alekmaus)
  • Add Pipeline configuration for Elasticsearch output (PR#981 thanks to @alekmaus)
  • Add MessageThreadID configuration in Telegram output (PR#1008 thanks to @vashian)
  • Support multi-architecture in build (PR#1024 thanks to @nickytd)
  • Add falco as source for the Datadog Events (PR#1043 thanks to @maxd-wttj)
  • Support AlertManager output in HA mode (PR#1051)

Fix

  • Fix PolicyReports created in the same namespace as the previous event (PR#978)
  • Fix missing customFields/extraFields in the Elasticsearch payload (PR#1033)
  • Fix incorrect key name for CloudEvent spec attribute (PR#1051)

Warning

Breaking change: The Prometheus metrics have different names from this release on, which might break the queries for the dashboards and alerts.

2.29.0 - 2024-07-01

New

Enhancement

  • Add global TLS config (PR#588 thanks to @ibice)
  • Add source as label for Prometheus metrics (PR#665)
  • Better logs when TLS is enabled (PR#668)
  • Add test for utils sorting function (PR#694 thanks to @stevemcquaid)
  • Refactor of the InitClient (PR#765 thanks to @idrissneumann)
  • Allow to use alternative endpoints for the AWS S3 output (PR#791 thanks to @gysel)
  • Consistent order for the output_fields and tags (PR#802)
  • Allow to add custom headers for AlertManager output (PR#827 thanks to @Umaaz)
  • Add more checks for the GCP Storage output (PR#858)
  • Possibility to create an index template for the Elasticsearch output (PR#868)
  • Possibility to "flatten" the output_fields (replace . by _) for the Elasticsearch output to avoid mapping conflicts (PR#868)
  • Truncate the fields with a length > 512 chars to avoid rejection from some outputs (PR#871)
  • Change the license to Apache 2.0 (PR#882 thanks to @leogr)
  • Revamp the PolicyReport output (PR#899)
  • New parameter outputFieldFormat to modify on the fly the format of the output field (PR#901)

Fix

  • Fix missing root CA for the Kafka output (PR#581 thanks to @claviola)
  • Fix bug with the extension source in the CloudEvent output (PR#587)
  • Fix panics in the Prometheus output when hostname field is missing (PR#628)
  • Remove refs to deprecated ioutil modules (PR#639 thanks to @testwill)
  • Fix locks in the Loki output (PR#647 thanks to @bsod90)
  • Split the docs for the outputs into multiple files (PR#648)
  • Fix mTLS client verification failures due to missing ClientCAs (PR#666 thanks to @jgmartinez)
  • Fix wrong env var for pagerduty output (PR#682)
  • Remove hard settings for usernames in Mattermost and Rocketchat (PR#731)
  • Fix multi lines json in the error lines (PR#764 thanks to @idrissneumann)
  • Fix duplicated custom headers in clients (PR#801, PR#857)
  • Fix the labels for the AlertManager output (PR#870 thanks to @Umaaz)

2.28.0 - 2023-07-18

New

Enhancement

  • Add output in the description annotation for AlertManager output (PR#341)
  • Allow to set the http method for Webhook output (PR#399)
  • Add hostname as prometheus label (PR#420 thanks to @Lowaiz)
  • Allow to replace the brackets (PR#421)
  • Allow to set custom http headers for Loki, Elasticsearch and Grafana outputs (PR#428)
  • Add hostname, tags, custom and templated fields for TimescaleDB output (PR#438 thanks to @hileef)
  • Allow to set thresholds for the dropped events in AlertManager output (PR#439 thanks to @Lowaiz)
  • Match the priority with AlertManager severity label (PR#440 thanks to @Lowaiz)
  • Add rolearn and externalid for the assume role for AWS outputs (PR#494)
  • Allow to set the region for PagerDuty output (PR#500)
  • Add TLS option + rewrite send method for the SMTP output (PR#502)
  • Add attributes to GCP PubSub messages (PR#505 thanks to @annadorottya)
  • Add option for TLS and mTLS for the server (PR#508 thanks to @annadorottya)
  • Add setting to auto create the Kafka topic (PR#554)
  • Add option to deploy a HTTP only server for specific endpoints (PR#565 thanks to @annadorottya)
  • Support multiple bootstrap servers for Kafka output (PR#571 thanks to @ibice)
  • Add option for TLS for Kafka output (PR#574)

Fix

  • Fix error handling in AWS Security Lake output (PR#390)
  • Fix breaking brackets in AWS SNS messages (PR#419)
  • Fix setting name for the table of TimescaleDB output (PR#426 thanks to @alika)
  • Fix cardinality issue with prometheus labels (PR#427)
  • Fix panic when assert output fields which are nil (PR#429)
  • Fix dependencies for Wavefront output (PR#432)
  • Fix key pattern for AWS Security Lake output (PR#447)
  • Fix default settings for Telegram output (PR#495 thanks to @schfkt)
  • Fix URL generation for Spyderbat output (PR#506 thanks to @bc-sb)
  • Fix nil values in Spyderbat output (PR#527 thanks to @spider-guy)
  • Fix duplicated headers in SMTP output (PR#528 thanks to @apsega)
  • Fix missing trim for names and values of labels for AlertManager output (PR#563 thanks to @Lowaiz)
  • Fix missing returned errors for Kafka output (PR#573)

2.27.0 - 2022-12-13

New

Enhancement

  • SMTP output now uses any SASL auth mechanism (PR#341 thanks to @Lowaiz)
  • Bind Policy Reports to Namespace by ownerReference (PR#346)
  • Add extra labels and annotations for AlertManager payloads (PR#347 thanks to @Lowaiz)
  • Update default type for Elasticsearch documents (PR#349)
  • Support env vars in custom fields (PR#353)
  • Update format + default endpoint for Loki output (PR#356)
  • Determine resource names + owner ref for Policy Reports (PR#358)
  • Update Influxdb output to use API Token and /api/v2 endpoint (PR#359)
  • Allow to override the Slack channel (PR#366)
  • Add From, To and Date headers in SMTP payload (PR#364)
  • Improve the check of the payload from Falco; it now allows an empty output (PR#372)
  • Allow to set user and api key for Loki output for Grafana Logs (PR#379)
  • Add hostname in json payload for all outputs (PR#383 thanks to @Lowaiz)
  • Add SASL authentication for Kafka output (PR#385 thanks to @Lowaiz and @lyoung-confluent)
  • Support CEF format for Syslog output (PR#386)
  • Allow to disable STS check for AWS output (PR#387)

Fix

  • Fix priority label was replaced by source in AlertManager payload (PR#340 thanks to @tks98)
  • Fix missing cert checks + fix inverted logic to use them in codebase (PR#345)
  • Fix race condition when headers are added to POST requests (PR#380 thanks to @bc-sb)

2.26.0 - 2022-06-18

Enhancement

  • Add expiresafter for AlertManager output (PR#323 thanks to @anushkamittal20)
  • Add extralabels for Loki and Prometheus outputs which allow to set fields to use as labels additionally to rule, source, priority, tags and customfields (PR#327)

Fix

  • Fix Panic for Prometheus metrics when customfields are set (PR#333)

2.25.0 - 2022-05-12

New

Enhancement

Fix

2.24.0 - 2021-08-13

New

Enhancement

2.23.1 - 2021-06-23

Fix

2.23.0 - 2021-06-23

New

Enhancement

  • Reorder fields in Slack, RocketChat and Mattermost outputs + sort customer_fields alphabetically (PR#226)
  • Set default values for OpenFaas output (PR#232)
  • Re-use session for AWS output instead of deprecated session.New() (PR#238 thanks to @dchoy)
  • Reorganize management of headers for outputs (PR#245 thanks to @distortedsignal)

Fix

  • Fix init of DogstatsD output (PR#227)
  • Remove duplicated logs + fix some of prefixes (PR#228)
  • Fix S3 output when "Default encryption" setting is disabled (PR#242 thanks to @Kaizhe)

2.22.0 - 2021-04-06

New

Enhancement

  • Use higher level Writer api for Kafka (PR#206 thanks to @zemek)
  • Reorder imports to follow good practices (PR#205)
  • Prevent misleading error message when CUSTOMFIELDS env var is set (PR#201 thanks to @zemek)
  • Use Events v2 API for PagerDuty output (PR#200 thanks to @caWhite)

Fix

  • Fix outputformat when using fields or text in Slack output (PR#204)
  • Fix HTML template for SMTP output (PR#199)

2.21.0 - 2021-02-12

New

Enhancement

  • Include numeric values for Alertmanager outputs (PR#177 thanks to @alsm)
  • Add listenaddress option (PR#187 thanks to @alsm)

Fix

2.20.0 - 2021-01-12

New

  • New output: STAN (NATS Streaming) (PR#135)
  • New output: PagerDuty (PR#164)
  • New output: Kubeless (PR#170)

Enhancement

  • CI: clean filters (PR#138)
  • Replace library for Kafka (PR#139)
  • Re-align code for NATS output (PR#159)
  • Add new endpoint /healthz (PR#167)
  • Change the way to manage Priority (PR#171 thanks to @n3wscott)

Fix

2.19.1 - 2020-12-02

Fix

  • Fix dockerfile to build the new kafka output (PR#56 thanks to @cpanato)

2.19.0 - 2020-12-01

New

Enhancement

Fix

2.18.0 - 2020-11-20

New

Enhancement

Fix

2.17.0 - 2020-11-13

New

Enhancement

  • Better instructions for install with Helm (PR#95 thanks to @pyaillet)

2.16.0 - 2020-10-29

New

  • Custom Headers can be set for Webhook output (PR#92)

Enhancement

  • Enable CircleCI for unit tests

2.15.0 - 2020-10-27

New

  • New output: AWS SNS (PR#84)
  • A prometheus exporter is now available for all metrics

Enhancement

  • Reduce cardinality of alerts by grouping them for AlertManager (PR#79 thanks to @epcim)

Fix

  • Fix unsupported chars in a label name for AlertManager (PR#78 thanks to @epcim)

Note

The Helm chart has been migrated to falcosecurity/charts, the official chart repository of the falco organization. You can now install it from artifacthub.io.

2.14.0 - 2020-08-10

New

Enhancement

  • Cert validity of outputs can be disabled (PR#74)
  • Golang 1.14 is now used for building the Docker image
  • Displayed username can be overridden for Slack, Mattermost and Rocketchat (PR#72)

Fix

  • Wrong port name was displayed as output of Helm chart

Note

This release is the last one with a Helm chart; the next ones will be in the Falco Charts repo.

2.13.0 - 2020-06-15

New

  • New output: Rocketchat
  • New output: Mattermost

2.12.3 - 2020-04-21

Enhancement

  • Allow using Datadog EU site by specifying new variable datadog.host/DATADOG_HOST (PR#59 thanks to @DrPhil)
  • Docker Image is based now on last Golang and Alpine images

2.12.2 - 2020-04-21

Fix

2.12.1 - 2020-01-28

Fix

2.12.0 - 2020-01-16

Enhancement

  • Add Pod Security Policy to helm chart (PR#54 thanks to @czunker)

2.11.1 - 2020-01-06

Fix

  • Wrong value reference for Elasticsearch output in deployment.yaml

2.11.0 - 2019-11-13

New

  • New output: Webhook
  • New output: DogStatsD
  • New metrics : running goroutines, number of used CPU

Enhancement

  • 💥 Standardization of metric names (to be consistent between expvar and (Dog)StatsD)
  • 💥 New namespace for metrics (inputs), will be used for future inputs (fifo, gRPC)

Fix

  • StatsD implementation worked only with DogStatsD (issue #49)
  • Fix panic when payload from Falco is empty

2.10.0 - 2019-10-22

New

2.9.3 - 2019-10-18

Fix

2.9.2 - 2019-10-11

Enhancement

Fix

2.9.1 - 2019-10-07

Enhancement

2.9.0 - 2019-10-04

New

  • New output: Opsgenie

Enhancement

  • New avatar : with colors and squared

Fix

  • Duplicated entries when events have non-string fields (PR#38 thanks to @actgardner)

2.8.0 - 2019-09-11

New

  • New output: NATS

2.7.2 - 2019-08-28

Enhancement

  • All references to the previous repository are replaced, falcosidekick is now in falcosecurity organization

2.7.1 - 2019-08-28

Enhancement

  • Update of Dockerfile : golang 1.12 + alpine 3.10

2.7.0 - 2019-08-27

New

  • New output: Loki

2.6.0 - 2019-08-26

New

  • New output: SMTP (email)

2.5.0 - 2019-08-12

New

Enhancement

  • Slack tests are now consistent (order of fields in JSON output wasn't always the same, tests failed sometimes for that)
  • README : clean up of several typos

2.4.0 - 2019-06-26

Enhancement

2.3.0 - 2019-06-17

New

2.2.0 - 2019-06-13

New

  • A minimum priority for each output can be set
  • New output: Influxdb (issue #4)

Fix

  • Panic happened when trying to add customfields but the Falco event had none

2.1.0 - 2019-06-12

New

Fix

2.0.0 - 2019-05-23

New

  • New output: Elasticsearch (issue #14)
  • New configuration method : we can now use a config file in YAML and/or env vars (see README) (issue #17)
  • New endpoint : /debug/vars gives access to Golang + Custom metrics (see README) (issue #17)

Enhancement

  • Add a lot of unit tests for code coverage (issue #17)
  • Some log outputs have been reformatted
  • 💥 Some env variables have been renamed again to match fields in YAML config files (see README)

Fix

  • Panics are now caught to avoid crashes

1.1.0 - 2019-05-10

Enhancement

  • All outputs use new generic methods (NewClient() + Post()), new output integration will be easier
  • 💥 some variables have been renamed to be relevant with their real names in API docs of Outputs
    • DATADOG_TOKEN -> DATADOG_API_KEY
    • SLACK_TOKEN -> SLACK_WEBHOOK_URL

Fix

  • /test sends an event with a timestamp set at now

1.0.7 - 2019-05-09

Enhancement

  • Change SLACK_HIDE_FIELDS for SLACK_OUTPUT_FORMAT, you can now choose how events are displayed in Slack

1.0.6 - 2019-05-09

New

  • Add SLACK_HIDE_FIELDS env var, to enable concise output in Slack (fields are not displayed) (issue #15)

Enhancement

  • Remove /checkPayload endpoint, not useful anymore
  • Change of how enabled/disabled outputs are printed in log (more concise view)
  • Falco's payload is printed in log if DEBUG=true

1.0.5 - 2019-04-09

New

  • Add a /test endpoint which sends a fake event to all enabled outputs
  • Add a DEBUG env var, if enabled, payload for enabled outputs will be printed in stdout

Enhancement

  • Reformat some log outputs to be nicer
  • Add a check on payload's body from Falco to avoid sending empty ones to outputs

1.0.4 - 2019-02-01

New

Enhancement

  • Use of go mod in Dockerfile for build (PR#1 thanks to @perriea)
  • Add email maintainer in Dockerfile (PR#1 thanks to @perriea)

1.0.3 - 2019-01-30

New

  • New output: Alert Manager

Enhancement

  • Add status of posts to Outputs in logs (stdout)

1.0.2 - 2018-10-10

Enhancement

  • Update changelog
  • Update README with new Slack Options + more info

1.0.1 - 2018-10-10

New

  • New Slack Options : SLACK_FOOTER, SLACK_ICON

Enhancements

  • New Slack Options : SLACK_FOOTER, SLACK_ICON
  • Add output status in log to get those which are enabled
  • Check of LISTEN_PORT in init() : port must be an integer between 1 and 65535
  • Long strings in Slack field values are not split anymore

Fix

  • Some log level tags were missing
  • Fix cert errors in alpine (PR#1 thanks to @palmerabollo)

1.0.0 - 2018-10-10

  • First tagged release