⭐ Sekoia agent v.1.6.2

We're excited to announce a new update for the Sekoia Agent with important enhancements and fixes.

Added:
  • Linux: Now tracking connect syscalls that return EINPROGRESS.
  • Windows: Microsoft-Windows-Security-Auditing events 4656 and 4658 from third-party EDRs are now ignored for improved efficiency.

Fixed:
  • Windows: Resolved startup issues after upgrading to Windows 11 24H2.
  • Improved the enrichment of process-ended events with parent information.
  • Enhanced handling for starting ETW sessions.

Ensure your systems are up to date to benefit from these improvements!

⭐ Sekoia agent v.1.6.1

We are pleased to announce the release of agent version 1.6.1!

This update brings enhanced efficiency by refining how we handle certain Windows events. We've added the ability to parse the Requester property in specific Windows events, while also optimizing event processing by ignoring some events with no security relevance.

⭐ Sekoia agent v.1.5.0

Sekoia agent v.1.5.0 for Windows and Linux is released today with several enhancements and fixes, aimed at optimizing performance and functionality.

Here's a glimpse of what you can expect:

  • Enhanced Process Monitoring: We've added detailed information about process owners (users) for events such as creation and termination, providing deeper insights into system activity.
  • Flexible Path Exclusion: You now have the ability to exclude specific paths from being monitored, offering greater control and customization across all operating systems.
  • Improved DNS Resolution on Linux: The Linux agent now captures DNS resolutions (optionally enabled), enhancing visibility into network activity and potential threats.
  • Advanced File Monitoring Configuration: With support for path pattern configuration, file monitoring becomes more versatile and tailored to your specific needs.

We're excited about these updates and confident they'll further elevate your experience with our agent.

Find the detailed changelog in the documentation.

New version: Sekoia agent 1.4

A new version of the Sekoia agent was deployed on Wednesday, December 6, bringing the following enhancements:

  • Multi-region support: As Sekoia expands its points of contact in different parts of the world to meet its customers' safety and regulatory requirements, the agent had to keep pace. It is now possible to pass a new parameter in the configuration so that your agents can interact with the region in which your tenant is located.
    See documentation

  • Improved log aggregation: To reduce unnecessary impact on the network footprint, this version introduces changes in log aggregation to isolate the signal from the noise. This improvement also helps reduce the agent's CPU footprint.

  • Support for custom CA certificates when using a proxy
