October 06, 2021
Summary of Changes/Improvements
- eBPF Support - eBPF is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in an operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules. The above paragraph describing eBPF (Extended Berkeley Packet Filter) is licensed under a Creative Commons Attribution 4.0 International License, as per: https://github.com/cilium/ebpf.io/blob/master/LICENSE. In Agent v4.3 and later, the agent uses pcap for monitoring packets and aggregating them to connections, but for looking up the owning processes that belong to these connections, it will use eBPF events. For details, see eBPF Support.
- EKS Fargate Support - Agent v4.3 supports Amazon Elastic Kubernetes Service (Amazon EKS) Fargate. EKS is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. You can deploy Lacework agent v4.3 and later to secure and monitor applications running in EKS Fargate. For details, see EKS Fargate.
Significant improvement to deployment of Helm charts - Lacework agent Helm charts are now published as a public repository (matches industry standard). You can now download and install the Lacework agent using Helm commands alone. There's no need to extract tarball and edit values.yaml. For details, see Deploy on Kubernetes. You can store the agent token as a Kubernetes Secret, configure sending diagnostic logs to stdout, opt out of auto-upgrade - all through Helm charts.
If you are using agent Helm Charts, you can disable agent auto-upgrade if you want to opt out. If you disable auto-upgrade, the Helm Chart version is the software version installed. The default option is to auto-upgrade the agent.
- Log volume reduction - Changed the log interval for statistics from one minute to five minutes. This reduces the log volume.
- http/s proxy connections - When you configure the Lacework agent in environments with http/s proxy, the agent attempts a connection through the configured proxy. In agent v4.3 and later, if there is a failure or timeout for the connection, the agent will not be able to connect to Lacework.