This release addresses the issue caused by a fix in Insight Agent version 4.0.15 to improve the file information job's memory use when reading large filesystems. This caused delayed InsightVM vulnerability assessments in a small number of Insight Agent installations.
The following changes are being re-released after being previously reverted on March 13, 2025.
Improved
- Linux and MacOS Process Start events collected by the Insight Agent now include the
Current working directoryfield. Windows Process Start events collected from Insight Agents with the Events Monitor component include theImport hashandCurrent working directoryfields. - Windows Event Log payloads now include the
data.eventData(ordata.userData) field corresponding to the EventData (or UserData) field from the Windows event. This allows users to query or write detection rules on key/value pairs in Windows Event insertionStrings.
Fixed
- We fixed a bug that caused the Insight Agent to sometimes take over a minute to stop if the Insight Agent also had a pending metrics update.
- We restored key/value pairs in Windows Events that were removed in a previous release so that custom detection rules will work as expected.
- We reduced the likelihood that the Insight Agent's real-time monitoring process will be shut down unnecessarily on macOS 15 assets with low memory resources.
- We fixed an issue that caused the Insight Agent logs to incorrectly report that a process failed to terminate, despite the process terminating successfully.
- We added support for an updated
add_userauditd event schema used in some newer Linux distributions. The Insight Agent's realtime monitoring job no longer fails to parse events using the new schema.