- Added collection of syscall metrics
- Added collection of auoms process CPU and MEM consumtion metrics
- Added system CPU and MEM metrics
- Added collection of event metrics
- Changed event accumulator so it uses steady clock for tracking event
age instead of event id. Added more efficient LRU list.
- Changed so PATH records values are accumulated in a fixed set of
fields where each field value is a JSON array of values ordered
by PATH record order.
- Changed SYSCALL event type from AUOMS_EXECVE to AUOMS_SYSCALL
- Changed to include proctitle in non-execve syscall events.
- Fixed "-S all" and "-S <number>" rule handling.
- Fix std::function arg passing, make move semantics explicit.
- Move event filter logic into seperate class.
- Fix code so unit tests pass.
- Fix json encoding of escaped values.
- Remove exit(1) from ProcessNotify.
- Fix ProcessNotify/ProcessTree Stop().
- Fix parsing of INTEGRITY_POLICY_RULE records.
- Fix thread stack leak.
Tad Glines
Seth Rait
Manikyam Bavandla
Kevin Sheldrake