- Fix error while closing the writer for `GCP Storage` (PR#1116 thanks to @chanukya-yekollu-exa)
- New output: OTLP Logs (PR#1109)
- Add the namespace and the pod name as labels by default in `Loki` payload (PR#1087 thanks to @afreyermuth98)
- Allow to set the format for the `Loki` payload to JSON (PR#1091)
- Allow to set a template for the subjects for `NATS`/`STAN` outputs (PR#1099)
- Improve the logger with a generic and extensible method (PR#1102)
- Remove forgotten debug line (PR#1088)
- Fix missing templated fields as labels in `Loki` payload (PR#1091)
- Fix creation error of `ClusterPolicyReports` (PR#1100)
- Fix missing custom headers for HTTP requests for `Loki` (PR#1107 thanks to @lsroe)
- Fix wrong key format for `Prometheus` format (PR#1110 thanks to @rubensf)
- New output: Webex (PR#979 thanks to @k0rventen)
- New output: OTLP Metrics (PR#1012 thanks to @ekoops)
- New output: Datadog Logs (PR#1052 thanks to @yohboy)
- Reuse of the http client for 3-4x increase of the throughput (PR#962 thanks to @alekmaus)
- Improve outputs throughput handling (PR#966 thanks to @alekmaus)
- Batching and gzip compression for the `Elasticsearch` output (PR#967 thanks to @alekmaus)
- Use the same convention for the Prometheus metrics as Falco (PR#995)
- Add `APIKey` for `Elasticsearch` output (PR#980 thanks to @alekmaus)
- Add `Pipeline` configuration for `Elasticsearch` output (PR#981 thanks to @alekmaus)
- Add `MessageThreadID` configuration in `Telegram` output (PR#1008 thanks to @vashian)
- Support multi-architecture in build (PR#1024 thanks to @nickytd)
- Add `falco` as source for the `Datadog Events` (PR#1043 thanks to @maxd-wttj)
- Support `AlertManager` output in HA mode (PR#1051)
- Fix `PolicyReports` created in the same namespace as the previous event (PR#978)
- Fix missing `customFields`/`extraFields` in the `Elasticsearch` payload (PR#1033)
- Fix incorrect key name for `CloudEvent` spec attribute (PR#1051)
Warning
Breaking change: the Prometheus metrics have different names from this release on; this might break the queries used by dashboards and alerts.
- New output: Dynatrace (PR#575 thanks to @blu3r4y)
- New output: OTLP Traces (PR#613 thanks to @jjo)
- New output: Sumologic (PR#656 thanks to @mencarellic)
- New output: Quickwit (PR#736 thanks to @idrissneumann)
- New output: Falco Talon (PR#929)
- Add global TLS config (PR#588 thanks to @ibice)
- Add `source` as label for `Prometheus` metrics (PR#665)
- Better logs when TLS is enabled (PR#668)
- Add test for utils sorting function (PR#694 thanks to @stevemcquaid)
- Refactor of the `InitClient` (PR#765 thanks to @idrissneumann)
- Allow to use alternative endpoints for the `AWS S3` output (PR#791 thanks to @gysel)
- Consistent order for the `output_fields` and `tags` (PR#802)
- Allow to add custom headers for `AlertManager` output (PR#827 thanks to @Umaaz)
- Add more checks for the `GCP Storage` output (PR#858)
- Possibility to create an index template for the `Elasticsearch` output (PR#868)
- Possibility to "flatten" the `output_fields` (replace `.` by `_`) for the `Elasticsearch` output to avoid mapping conflicts (PR#868)
- Truncate the fields with a length > 512 chars to avoid rejection from some outputs (PR#871)
- Change the license to Apache 2.0 (PR#882 thanks to @leogr)
- Revamp the `PolicyReport` output (PR#899)
- New parameter `outputFieldFormat` to modify on the fly the format of the `output` field (PR#901)
- Fix missing root CA for the `Kafka` output (PR#581 thanks to @claviola)
- Fix bug with the extension `source` in the `CloudEvent` output (PR#587)
- Fix panics in the `Prometheus` output when `hostname` field is missing (PR#628)
- Remove refs to deprecated `ioutil` modules (PR#639 thanks to @testwill)
- Fix locks in the `Loki` output (PR#647 thanks to @bsod90)
- Split the docs for the outputs into multiple files (PR#648)
- Fix mTLS client verification failures due to missing ClientCAs (PR#666 thanks to @jgmartinez)
- Fix wrong env var for pagerduty output (PR#682)
- Remove hard settings for usernames in `Mattermost` and `Rocketchat` (PR#731)
- Fix multi-line JSON in the error lines (PR#764 thanks to @idrissneumann)
- Fix duplicated custom headers in clients (PR#801, PR#857)
- Fix the labels for the `AlertManager` output (PR#870 thanks to @Umaaz)
- New output: Redis (PR#396 thanks to @pandyamarut)
- New output: Telegram (PR#431 thanks to @zufardhiyaulhaq)
- New output: N8N (PR#462)
- New output: Grafana OnCall (PR#470)
- New output: OpenObserve (PR#509)
- Add `output` in the description annotation for `AlertManager` output (PR#341)
- Allow to set the HTTP method for `Webhook` output (PR#399)
- Add `hostname` as Prometheus label (PR#420 thanks to @Lowaiz)
- Allow to replace the brackets (PR#421)
- Allow to set custom HTTP headers for `Loki`, `Elasticsearch` and `Grafana` outputs (PR#428)
- Add `hostname`, `tags`, `custom` and `templated fields` for `TimescaleDB` output (PR#438 thanks to @hileef)
- Allow to set thresholds for the dropped events in `AlertManager` output (PR#439 thanks to @Lowaiz)
- Match the `priority` with `AlertManager` severity label (PR#440 thanks to @Lowaiz)
- Add `rolearn` and `externalid` for the assume role for `AWS` outputs (PR#494)
- Allow to set the `region` for `PagerDuty` output (PR#500)
- Add TLS option + rewrite send method for the `SMTP` output (PR#502)
- Add attributes to `GCP PubSub` messages (PR#505 thanks to @annadorottya)
- Add option for TLS and mTLS for the server (PR#508 thanks to @annadorottya)
- Add setting to auto create the `Kafka` topic (PR#554)
- Add option to deploy an HTTP-only server for specific endpoints (PR#565 thanks to @annadorottya)
- Support multiple bootstrap servers for `Kafka` output (PR#571 thanks to @ibice)
- Add option for TLS for `Kafka` output (PR#574)
- Fix error handling in `AWS Security Lake` output (PR#390)
- Fix breaking brackets in `AWS SNS` messages (PR#419)
- Fix setting name for the table of `TimescaleDB` output (PR#426 thanks to @alika)
- Fix cardinality issue with Prometheus labels (PR#427)
- Fix panic when asserting output fields which are nil (PR#429)
- Fix dependencies for `Wavefront` output (PR#432)
- Fix key pattern for `AWS Security Lake` output (PR#447)
- Fix default settings for `Telegram` output (PR#495 thanks to @schfkt)
- Fix URL generation for `Spyderbat` output (PR#506 thanks to @bc-sb)
- Fix nil values in `Spyderbat` output (PR#527 thanks to @spider-guy)
- Fix duplicated headers in `SMTP` output (PR#528 thanks to @apsega)
- Fix missing trim for names and values of labels for `AlertManager` output (PR#563 thanks to @Lowaiz)
- Fix missing returned errors for `Kafka` output (PR#573)
- New output: Yandex Data Streams (PR#336 thanks to @preved911)
- New output: Node-Red (PR#337)
- New output: MQTT (PR#338)
- Templated fields: custom fields generated with Go templates (PR#350)
- New output: Zincsearch (PR#360)
- New output: Gotify (PR#362)
- New output: Spyderbat (PR#368 thanks to @spyder-kyle)
- New output: Tekton (PR#371)
- New output: TimescaleDB (PR#378 thanks to @jagretti)
- New output: AWS Security Lake (PR#387)
- `SMTP` output now uses any SASL auth mechanism (PR#341 thanks to @Lowaiz)
- Bind `Policy Reports` to Namespace by `ownerReference` (PR#346)
- Add extra labels and annotations for `AlertManager` payloads (PR#347 thanks to @Lowaiz)
- Update default type for `Elasticsearch` documents (PR#349)
- Support env vars in custom fields (PR#353)
- Update format + default endpoint for `Loki` output (PR#356)
- Determine resource names + owner ref for `Policy Reports` (PR#358)
- Update `Influxdb` output to use API Token and `/api/v2` endpoint (PR#359)
- Allow to override the `Slack` channel (PR#366)
- Add From, To and Date headers in `SMTP` payload (PR#364)
- Improve the check of the payload from `Falco`; it now allows an empty output (PR#372)
- Allow to set user and API key for `Loki` output for `Grafana Logs` (PR#379)
- Add `hostname` in JSON payload for all outputs (PR#383 thanks to @Lowaiz)
- Add SASL authentication for `Kafka` output (PR#385 thanks to @Lowaiz and @lyoung-confluent)
- Support CEF format for `Syslog` output (PR#386)
- Allow to disable STS check for `AWS` output (PR#387)
- Fix `priority` label being replaced by `source` in `AlertManager` payload (PR#340 thanks to @tks98)
- Fix missing cert checks + fix inverted logic to use them in codebase (PR#345)
- Fix race condition when headers are added to POST requests (PR#380 thanks to @bc-sb)
- Add `expiresafter` for AlertManager output (PR#323 thanks to @anushkamittal20)
- Add `extralabels` for Loki and Prometheus outputs, which allows to set fields to use as labels in addition to `rule`, `source`, `priority`, `tags` and `customfields` (PR#327)
- Fix panic for Prometheus metrics when `customfields` are set (PR#333)
- New output: Policy Report (PR#256 thanks to @anushkamittal20)
- New output: Syslog (PR#272 thanks to @bdluca)
- New output: AWS Kinesis (PR#277 thanks to @gauravgahlot)
- New output: Zoho Cliq (PR#301 thanks to @averni)
- Images and Binaries for arm and arm64 (PR#288)
- Sign artifacts with cosign (PR#302)
- Add CI steps to push images into AWS ECR (PR#270 thanks to @maxgio92)
- Allow to choose API endpoint for AlertManager (PR#282 thanks to @mathildeHermet)
- Add label `priority` in AlertManager events (PR#276)
- Update Golang + GolangCI-Lint (PR#289 PR#292)
- Add version info (PR#290)
- Update image base to alpine 3.15 (PR#291)
- Increase CircleCI timeout (PR#293)
- Support IRSA for AWS authentication (PR#295 thanks to @VariableExp0rt)
- Add tenant for Loki output (PR#308 thanks to @JGodin-C2C)
- Upgrade endpoint for Loki (PR#309 thanks to @JGodin-C2C)
- Add `tags` and `source` in events for all outputs (PR#310)
- Add `custom_fields` to Prometheus series (PR#314 thanks to @LyvingInSync)
- Update CircleCI jobs (PR#316)
- Fix OpsGenie output when keys have "." (PR#287)
- Fix typo in README (PR#299 thanks to @oleg-nenashev)
- Fix GCS writer not closed (PR#312 thanks to @Milkshak3s)
- New output: Grafana (PR#254)
- New output: Fission (PR#255 thanks to @gauravgahlot)
- New output: Yandex Cloud S3 (PR#261 thanks to @nar3k)
- New output: Kafka REST (PR#263 thanks to @dirien)
- Set header `x-amz-acl` to `bucket-owner-full-control` for output `AWS S3` (PR#264 thanks to @Kaizhe)
- Docker image is now available on `AWS ECR Public Gallery` (PR#265 thanks to @maxgio92)
- Fix memory leak with `AddHeaders` method (PR#252 thanks to @distortedsignal)
- New output: Wavefront (PR#229 thanks to @rikatz)
- New output: GCP Cloud Functions (PR#241)
- New output: GCP Cloud Run (PR#243)
- Allow MutualTLS for some outputs (PR#231 thanks to @jasiam)
- Allow Workload identity for GCP output (PR#235 thanks to @cartyc)
- Add basic auth for Elasticsearch output (PR#245 thanks to @distortedsignal)
- Reorder fields in Slack, RocketChat and Mattermost outputs + sort `custom_fields` alphabetically (PR#226)
- Set default values for OpenFaas output (PR#232)
- Re-use session for AWS output instead of deprecated `session.New()` (PR#238 thanks to @dchoy)
- Reorganize management of headers for outputs (PR#245 thanks to @distortedsignal)
- Fix init of DogstatsD output (PR#227)
- Remove duplicated logs + fix some of prefixes (PR#228)
- Fix S3 output when "Default encryption" setting is disabled (PR#242 thanks to @Kaizhe)
- New output: AWS S3 (PR#195 thanks to @evalsocket)
- New output: GCP Storage (PR#202 thanks to @evalsocket)
- New output: RabbitMQ (PR#210 thanks to @evalsocket)
- New output: OpenFaas (PR#208 thanks to @developper-guy)
- Use higher level Writer api for Kafka (PR#206 thanks to @zemek)
- Reorder imports to follow good practices (PR#205)
- Prevent misleading error message when CUSTOMFIELDS env var is set (PR#201 thanks to @zemek)
- Use Events v2 API for PagerDuty output (PR#200 thanks to @caWhite)
- Fix outputformat when using fields or text in Slack output (PR#204)
- Fix HTML template for SMTP output (PR#199)
- Include numeric values for `Alertmanager` outputs (PR#177 thanks to @alsm)
- Add `listenaddress` option (PR#187 thanks to @alsm)
- Fix spelling typos in README (PR#175 thanks to @princespaghetti)
- Fix several `gosec` issues (PR#179 thanks to @alsm)
- Fix label values with quotes for `Loki` (PR#182)
- New output: STAN (NATS Streaming) (PR#135)
- New output: PagerDuty (PR#164)
- New output: Kubeless (PR#170)
- CI: clean filters (PR#138)
- Replace library for `Kafka` (PR#139)
- Re-align code for `NATS` output (PR#159)
- Add new endpoint `/healthz` (PR#167)
- Change the way to manage Priority (PR#171 thanks to @n3wscott)
- Fix missing metrics for various outputs (PR#145, PR#146, PR#147, PR#148, PR#149, PR#150, PR#151, PR#152, PR#153, PR#154, PR#155, PR#156, PR#157, PR#158)
- New output: Apache Kafka (PR#124 thanks to @KeisukeYamashita)
- New output: Cloudwatch Logs (PR#127 thanks to @cpanato)
- Bump Golang version to `1.15` (PR#128 thanks to @KeisukeYamashita)
- Add a contributing document (PR#123 thanks to @cpanato)
- Add a `.dockerignore` for small images (PR#126 thanks to @KeisukeYamashita)
- Refactor HTTP server handler (PR#116 thanks to @KeisukeYamashita)
- Add test for `Discord` (PR#117 thanks to @KeisukeYamashita)
- Fix Discord output's Prometheus metrics (PR#118 thanks to @KeisukeYamashita)
- Fix `nil pointer` when `GCP` configuration is incorrect (PR#130)
- New output: Google Chat (PR#107 thanks to @KeisukeYamashita)
- Add test for `Mattermost` (PR#99 thanks to @cpanato)
- Add golangci lint (PR#100 thanks to @cpanato)
- Dependencies: update several deps (PR#103 thanks to @cpanato)
- Clean a bit the `CircleCI` config (PR#106 thanks to @cpanato)
- Use `testify` to check the test results (PR#108 PR#112 thanks to @cpanato)
- Refactor type assertion in output (PR#110 thanks to @KeisukeYamashita)
- Add test for `Rocketchat` (PR#113 thanks to @cpanato)
- New output: GCP PubSub (PR#97 thanks to @IanRobertson-wpe)
- Custom headers can be set for `Webhook` output (PR#92)
- Enable `CircleCI` for unit tests
- New output: AWS SNS (PR#84)
- A `prometheus` exporter is now available for all metrics
The Helm chart has been migrated to falcosecurity/charts, the official chart repository of the falco organization. You can now install it from artifacthub.io.
- New output: Azure Event Hubs (PR#66 thanks to @arminc)
- New output: Discord (PR#61 thanks to @nibalizer)
- Cert validity of outputs can be disabled (PR#74)
- Golang 1.14 is now used for building the Docker image
- Displayed username can be overridden for Slack, Mattermost and Rocketchat (PR#72)
- Wrong port name was displayed as output of Helm chart
This release is the last one with a Helm chart; the next ones will be in the Falco Charts repo.
- New output: Rocketchat
- New output: Mattermost
- Allow using Datadog EU site by specifying new variable datadog.host/DATADOG_HOST (PR#59 thanks to @DrPhil)
- Docker image is now based on the latest Golang and Alpine images
- Wrong value reference for Elasticsearch output in deployment.yaml
- New output: Webhook
- New output: DogStatsD
- New metrics: running goroutines, number of used CPUs
- 💥 Standardization of metric names (to be consistent between expvar and (Dog)StatsD)
- 💥 New namespace for metrics (inputs), will be used for future inputs (fifo, gRPC)
- StatsD implementation worked only with DogStatsD (issue #49)
- Fix panic when payload from Falco is empty
- New output: StatsD (PR#43 thanks to @actgardner)
- Fix typo in priority check (PR#42 thanks to @palmerabollo)
- Fix Opgenie config in helm template (PR#41 thanks to @kamirendawkins)
- Add formatted Text in Slack message (PR#40 thanks to @actgardner)
- New output: Opsgenie
- New avatar: with colors and squared
- Duplicated entries when events have non-string fields (PR#38 thanks to @actgardner)
- New output: NATS
- All references to the previous repository are replaced; falcosidekick is now in the falcosecurity organization
- Update of Dockerfile: golang 1.12 + alpine 3.10
- New output: Loki
- New output: SMTP (email)
- New output: AWS Lambda
- New output: AWS SQS (issue #5)
- New output: Teams (issue #30)
- A GitHub page has been created: https://falcosecurity.github.io/falcosidekick/
- Slack tests are now consistent (order of fields in JSON output wasn't always the same, so tests sometimes failed)
- README: clean up of several typos
- Elasticsearch: an index suffix can be set for rotation (see README) (issue #27 thanks to @ariguillegp)
- A minimum priority for each output can be set
- New output: Influxdb (issue #4)
- Panic happened when trying to add `customfields` but falco event hadn't
- New output: Elasticsearch (issue #14)
- New configuration method: we can now use a config file in YAML and/or env vars (see README) (issue #17)
- New endpoint: `/debug/vars` gives access to Golang + custom metrics (see README) (issue #17)
- Add a lot of unit tests for code coverage (issue #17)
- Some log outputs have been reformatted
- 💥 Some env variables have been renamed again to match fields in YAML config files (see README)
- Panics are now caught to avoid crashes
- All outputs use new generic methods (`NewClient()` + `Post()`), so new output integration will be easier
- 💥 Some variables have been renamed to match their real names in the API docs of the outputs: `DATADOG_TOKEN` -> `DATADOG_API_KEY`, `SLACK_TOKEN` -> `SLACK_WEBHOOK_URL`
- `/test` sends an event with a timestamp set at now
- Change `SLACK_HIDE_FIELDS` for `SLACK_OUTPUT_FORMAT`; you can now choose how events are displayed in Slack
- Add `SLACK_HIDE_FIELDS` env var to enable concise output in Slack (fields are not displayed) (issue #15)
- Remove `/checkPayload` endpoint, not useful anymore
- Change of how enabled/disabled outputs are printed in log (more concise view)
- Falco's payload is printed in log if `DEBUG=true`
- Add a `/test` endpoint which sends a fake event to all enabled outputs
- Add a `DEBUG` env var; if enabled, the payload for enabled outputs will be printed in stdout
- Reformat some log outputs to be nicer
- Add a check on the payload's body from falco to avoid sending empty ones to outputs
- Use go mod in Dockerfile for build (PR#1 thanks to @perriea)
- Add email maintainer in Dockerfile (PR#1 thanks to @perriea)
- New output: Alert Manager
- Add status of posts to Outputs in logs (stdout)
- Update changelog
- Update README with new Slack Options + more info
- New Slack options: `SLACK_FOOTER`, `SLACK_ICON`
- New Slack options: `SLACK_FOOTER`, `SLACK_ICON`
- Add output status in log to get those which are enabled
- Check of `LISTEN_PORT` in `init()`: port must be an integer between 1 and 65535
- Long strings in Slack field values are not split anymore
- Some log level tags were missing
- Fix cert errors in alpine (PR#1 thanks to @palmerabollo)
- First tagged release