Skip to main content

May 2023 Linux Agent Release


Release Notes

  • Support for discovering DNS requests over TCP - Starting in this release, the agent discovers DNS requests over TCP and sends them to the Lacework platform to enable it to identify DNS-over-TCP connections. If you want to disable the agent from discovering DNS requests over TCP, use the discover_dns_over_tcp property in the config.json agent configuration file.
  • Optimized data sent by agent in unstable network conditions - Starting in this release, if the Lacework platform is not reachable due to unstable network conditions, the agent waits for five minutes before resending the information. This helps to optimize the data sent by the agent to the Lacework platform.
  • Ecosystem certification - Lacework now supports the following new certified ecosystems, allowing you to deploy agents to these environments with assurance that there are no security gaps in your workloads.
    • MicroK8s
    • Kubernetes version 1.26
  • Support for specifying the AWS metadata request interval using the Helm Chart - The agent retrieves metadata tags from AWS to enable you to quickly identify where you need to take actions to fix alerts displayed in the Lacework Console. To ensure that the latest metadata is displayed in the Lacework Console, the agent periodically makes describe-tags API calls to retrieve tags from AWS. Starting in this release, you can use the metadataRequestInterval option in the Helm Chart for the Lacework Linux agent to specify the interval during which the agent retrieves the tags.

Public Preview

  • Focus Ruby package vulnerability detection on active packages - The Lacework platform can now detect active and inactive Ruby packages on hosts if you do the following:

    1. Install Linux agent v6.6 or later on hosts.
    2. Enable active package detection for the agent. For more information, see codeaware property.
    3. Enable Agentless Workload Scanning on the hosts.

    This enables you to know whether a vulnerable Ruby package is being used by an application on your host and prioritize fixing active vulnerable packages first. Use the Package Status filter in the Host Vulnerability page to see active or inactive vulnerable Ruby packages on hosts. See Host Vulnerability - Package Status for details.