- New output: Yandex Data Streams (PR#336 thanks to @preved911)
- New output: Node-Red (PR#337
- New output: MQTT (PR#338
- Templated fields: custom fields generated with Go templates (PR#350
- New output: Zincsearch (PR#360
- New output: Gotify (PR#362
- New output: Spyderbat (PR#368 thanks to @spyder-kyle)
- New output: Tekton (PR#371
- New output: TimescaleDB (PR#378 thanks to @jagretti)
- New output: AWS Security Lake (PR#387
SMTP
output now uses any SASL auth mechanism (PR#341 thanks to @Lowaiz)- Bind
Policy Reports
to Namespace byownerReference
(PR#346 - Add extra labels and annotations for
AlertManager
payloads (PR#347 thanks to @Lowaiz) - Update default type for
Elasticsearch
documents (PR#349 - Support env vars in custom fields (PR#353
- Update format + default endpoint for
Loki
output (PR#356 - Determine resource names + owner ref for
Policy Reports
(PR#358 - Update
Influxdb
output to use API Token and /api/v2 endpoint (PR#359 - Allow to override the
Slack
channel (PR#366 - Add From, To and Date headers in
SMTP
payload (PR#364 - Improve the check of the payload from
Falco
, it allows now to have an empty output (PR#372 - Allow to set user and api key for
Loki
output forGrafana Logs
(PR#379 - Add
hostname
in json payload for all outputs (PR#383 thanks to @Lowaiz) - Add SASL authentication for
Kafka
output (PR#385 thanks to @Lowaiz) and @lyoung-confluent) - Support CEF format for
Syslog
output (PR#386 - Allow to disable STS check for
AWS
output (PR#387
- Fix
priority
label was replaced bysource
inAlertManager
payload (PR#340 thanks to @tks98) - Fix missing cert checks + fix inverted logic to use them in codebase (PR#345
- Fix race condition when headers are added to POST requests (PR#380 thanks to @bc-sb)
- Add
expiresafter
for AlertManager output (PR#323 thanks to @anushkamittal20) - Add
extralabels
for Loki and Prometheus outputs which allow to set fields to use as labels additionally torule
,source
,priority
,tags
andcustomfields
(PR#327)
- Fix Panic for Prometheus metrics when
customfields
are set (PR#333)
- New output: Policy Report (PR#256 thanks to @anushkamittal20)
- New output: Syslog (PR#272 thanks to @bdluca)
- New output: AWS Kinesis (PR#277 thanks to @gauravgahlot)
- New output: Zoho Cliq (PR#301 thanks to @averni)
- Images and Binaries for arm and arm64 (PR#288)
- Sign artifacts with cosign (PR#302)
- Add CI steps to push images into AWS ECR (PR#270 thanks to @maxgio92)
- Allow to choose API endpoint for AlertManager (PR#282 thanks to @mathildeHermet)
- Add label
priority
in AlertManager events (PR#276) - Update Golang + GolangCI-Lint (PR#289 PR#292)
- Add version info (PR#290)
- Update image base to alpine 3.15 (PR#291)
- Increase CircleCI timeout (PR#293)
- Support IRSA for AWS authentication (PR#295 thanks to @VariableExp0rt)
- Add tenant for Loki output (PR#308 thanks to @JGodin-C2C)
- Upgrade endpoint for Loki (PR#309 thanks to @JGodin-C2C)
- Add
tags
andsource
in events for all outputs (PR#310) - Add
custom_fields
to Prometheus series (PR#314 thanks to @LyvingInSync) - Update CircleCI jobs (PR#316)
- Fix OpsGenie output when keys have "." (PR#287)
- Fix typo in README (PR#299 thanks to @oleg-nenashev)
- Fix GCS writer not closed (PR#312 thanks to @Milkshak3s)
- New output: Grafana (PR#254)
- New output: Fission (PR#255 thanks to @gauravgahlot)
- New output: Yandex Cloud S3 (PR#261 thanks to @nar3k)
- New output: Kafka REST (PR#263 thanks to @dirien)
- Set header
x-amz-acl
tobucket-owner-full-control
for outputAWS S3
(PR#264 thanks to @Kaizhe) - Docker image is now available on
AWS ECR Public Gallery
(PR#265 thanks to @maxgio92)
- Fix memory leak with
AddHeaders
method (PR#252 thanks to @distortedsignal)
- New output: Wavefront (PR#229 thanks to @rikatz)
- New output: GCP Cloud Functions (PR#241)
- New output: GCP Cloud Run (PR#243)
- Allow MutualTLS for some outputs (PR#231 thanks to @jasiam)
- Allow Workload identity for GCP output (PR#235 thanks to @cartyc)
- Add basic auth for Elasticsearch output (PR#245 thanks to @distortedsignal)
- Reorder fields in Slackt, RocketChat and Mattermost outputs + sort
customer_fields
alphabetically (PR#226) - Set default values for OpenFaas output (PR#232)
- Re-use session for AWS output instead of deprecated
session.New()
(PR#238 thanks to @dchoy) - Reorganize management of headers for outputs (PR#245 thanks to @distortedsignal)
- Fix init of DogstatsD output (PR#227)
- Remove duplicated logs + fix some of prefixes (PR#228)
- Fif S3 output when "Default encryption" setting is disabled (PR#242 thanks to @Kaizhe)
- New output: AWS S3 (PR#195 thanks to @evalsocket)
- New output: GCP Storage (PR#202 thanks to @evalsocket)
- New output: RabbitMQ (PR#210 thanks to @evalsocket)
- New output: OpenFaas (PR#208 thanks to @developper-guy)
- Use higher level Writer api for Kafka (PR#206 thanks to @zemek)
- Reorder imports to follow good practices (PR#205)
- Prevent misleading error message when CUSTOMFIELDS env var is set (PR#201 thanks to @zemek)
- Use Events v2 API for PagerDuty output (PR#200 thanks to @caWhite)
- Fix outputformat when using fields or text in Slack output (PR#204)
- Fix HTML template for SMTP output (PR#199)
- Include numeric values for
Alertmanager
outputs (PR#177 thanks to to @alsm) - Add
listenaddress
option (PR#187 thanks to to @alsm)
- Fix spelling typos in README (PR#175 thanks to to @princespaghetti)
- Fix several
gosec
issues (PR#179 thanks to to @alsm) - Fix label values with quotes for
Loki
(PR#182)
- New output: STAN (NATS Streaming) (PR#135)
- New output: PagerDuty (PR#164)
- New output: Kubeless (PR#170)
- CI: clean filters (PR#138)
- Replace library for
Kafka
(PR#139) - Re-align code for
NATS
output (PR#159) - Add new endpoint
/healthz
(PR#167) - Change the way to manage Priority (PR#171 thanks to @n3wscott)
- Fix missing metrics for various outputs (PR#145, PR#146, PR#147, PR#148, PR#149, PR#150, PR#151, PR#152, PR#153, PR#154, PR#155, PR#156, PR#157, PR#158)
- New output: Apache Kafka (PR#124 thanks to @KeisukeYamashita)
- New output: Cloudwatch Logs (PR#127 thanks to @cpanato)
- Bump Golang version to
1.15
(PR#128 thanks to @KeisukeYamashita) - Add a contributing document (PR#123 thanks to @cpanato)
- Add a
.dockerignore
for small images (PR#126 thanks to @KeisukeYamashita) - Refactor HTTP server handler (PR#116 thanks to @KeisukeYamashita)
- Add test for
Discord
(PR#117 thanks to @KeisukeYamashita)
- Fix Discord output's Prometheus metrics (PR#118 thanks to @KeisukeYamashita)
- Fix
nil pointer
whenGCP
configuration is incorrect (PR#130)
- New output: Google Chat (PR#107 thanks to @KeisukeYamashita)
- Add test for
Mattermost
(PR#99 thanks to @cpanato) - Add golangci lint (PR#100 thanks to @cpanato)
- Dependecies: update several deps (PR#103 thanks to @cpanato)
- clean a bit the
Circleci
config (PR#106 thanks to @cpanato) - Use
testify
to check the test results (PR#108 PR#112 thanks to @cpanato) - Refactor type assertion in output (PR#110 thanks to @KeisukeYamashita)
- Add test for
Rocketchat
(PR#113 thanks to @cpanato)
- New output: GCP PubSub (PR#97 thanks to @IanRobertson-wpe)
- Custom Headers can be set for
Webhook
output (PR#92)
- Enable of
CircleCI
for unit tests
- New output: AWS SNS (PR#84)
- A
prometheus
exporter is now available for all metrics
The Helm chart has been migrated to falcosecurity/charts, the official repository chart of falco
organization. You can now install it from artifacthub.io.
- New output: Azure Event Hubs (PR#66 thanks to @arminc)
- New output: Discord (PR#61 thanks to @nibalizer)
- Cert validity of outputs can be disabled (PR#74)
- Golang 1.14 is now used for building the Docker image
- Displayed username can be override for Slack, Mattermost and Rocketchat (PR#72)
- Wrong port name was displayed as output of Helm chart
This release is the last one with an Helm chart, the next ones will be in Falco Charts repo
- New output: Rocketchat
- New output: Mattermost
- Allow using Datadog EU site by specifying new variable datadog.host/DATADOG_HOST (PR#59 thanks to @DrPhil)
- Docker Image is based now on last Golang and Alpine images
- Wrong value reference for Elasticsearch output in deployment.yaml
- New output: Webhook
- New output: DogStatsD
- New metrics : running goroutines, number of used CPU
- 💥 Standardization of metric names (to be consistent between expar and (Dog)StatsD)
- 💥 New namespace for metrics (inputs), will be used for future inputs (fifo, gRPC)
- StatsD implementation worked only with DogStatsD (issue #49)
- Fix panic when payload from Falco is empty
- New output: StatsD (PR#43 thanks to @actgardner)
- Fix typo in priority check (PR#42 thanks to @palmerabollo)
- Fix Opgenie config in helm template (PR#41 thanks to @kamirendawkins)
- Add formatted Text in Slack message (PR#40 thanks to @actgardner)
- New output: Opsgenie
- New avatar : with colors and squared
- Duplicated entries when events have non-string fields (PR#38 thanks to @actgardner)
- New output: NATS
- All referencies to previous repository are replaced, falcosidekick is now in falcosecurity organization
- Update of Dockerfile : golang 1.12 + alpine 3.10
- New output: Loki
- New output: SMTP (email)
- New output: AWS Lambda
- New output: AWS SQS (issue #5)
- New output: Teams (issue #30)
- A github page has been created : https://falcosecurity.github.io/falcosidekick/
- Slack tests are now consistant (order of fields in JSON output wasn't always the same, tests failed sometimes for that)
- README : clean up of several typos
- Elasticsearch : An index suffix can be set for rotation (see README) (issue #27 thanks to @ariguillegp)
- A minimum priority for each output can be set
- New output: Influxdb (issue #4)
- Panic happened when trying to add
customfields
but falco event hadn't
- New output: Elasticsearch (issue #14)
- New configuration method : we can now use a config file in YAML and/or env vars (see README) (issue #17)
- New endpoint :
/debug/vars
gives access to Golang + Custom metrics (see README) (issue #17)
- Add a lot of unit tests for code coverage (issue #17)
- Some log outputs have been reformated
- 💥 Some env variables have been renamed again to match fields in YAML config files (see README)
- Panic are now catched to avoid crashes
- All outputs use new generic methods (
NewClient()
+Post()
), new output integration will be easier - 💥 some variables have been renamed to be relevant with their real names in API docs of Outputs
DATADOG_TOKEN
->DATADOG_API_KEY
SLACK_TOKEN
->SLACK_WEBHOOK_URL
/test
sends an event with a timestamp set at now
- Change
SLACK_HIDE_FIELDS
forSLACK_OUTPUT_FORMAT
, you can now choose how events are displayed in Slack
- Add
SLACK_HIDE_FIELDS
env var, to enable concise output in Slack (fields are not displayed) (issue #15)
- Remove
/checkPayload
endpoint, not usefull anymore - Change of how enabled/disabled outputs are printed in log (more concise view)
- Falco's payload is printed in log if
DEBUG=true
- Add a
/test
endpoint which sends a fake event to all enabled outputs - Add a
DEBUG
env var, if enabled, payload for enabled outputs will be printed in stdout
- Reformate some logs outputs to be nicer
- Add a check on payload's body from falco to avoid to send empty's ones to outputs
- Use of go mod is Dockerfile for build (PR#1 thanks to @perriea)
- Add email maintener in Dockerfile (PR#1 thanks to @perriea)
- New output: Alert Manager
- Add status of posts to Outputs in logs (stdout)
- Update changelog
- Update README with new Slack Options + more info
- New Slack Options :
SLACK_FOOTER
,SLACK_ICON
- New Slack Options :
SLACK_FOOTER
,SLACK_ICON
- Add output status in log to get those which are enabled
- Check of
LISTEN_PORT
ininit()
: port must be an integer between 1 and 65535 - Long string in slack field values are not splitten anymore
- Some log level tags were missing
- Fix cert errors in alpine (PR#1 thanks to @palmerabollo)
- First tagged release