New Features
- new CLI
- new
killevent generated when a process attempt at killing another - harden mode: prevent kunai from being tampered with by other processes
- action handling: detection rules can be configured with actions to take after detection
kill: kill the process triggering the detection rulesscan-files: scan any file path contained in event with Yara rules
- new
file_scanevent: generated when ascan-filesaction is run - IoC now contain severity information: allow to attribute more or less importance to some IoC sources/types
Notable fix
- High memory consumption on the long run or when kunai runs under stress conditions
What's Changed
- feat: new CLI by @qjerome in #85
- fix: tokio task panic propagation by @qjerome in #86
- fix: broken clippy command for eBPF by @qjerome in #87
- feat: new kill event + hardened mode through LSM by @qjerome in #89
- feat: implement handling action in detection rules + yara-x integration by @qjerome in #91
- fix: high memory consumption issue by @qjerome in #95
- fix #70: making IoC severity configurable by @qjerome in #97
- fix: namespace cache by @qjerome in #98
- chore: prepare new release by @qjerome in #99
- fix: aarch64 build by @qjerome in #100
Full Changelog: v0.2.4...v0.3.0-alpha.1