I’m pleased to announce the first production-ready release of Fibratus. The tool is now available via the pip package manager: run pip install fibratus (a C compiler is required to build the kernel stream collector). The multiprocessing module and Python serialization don’t play well together when compiled with Nuitka; until I figure out how to make that work, I won’t ship compiled versions of Fibratus.

What’s new

There are a bunch of new features and bug fixes in this release:

  • the filament execution model now allows running a filament in a separate process
  • streaming kernel events via output adapters (SMTP and AMQP are supported)
  • YAML-based configuration file
  • interval-based scheduling inside filaments
  • writing to the console using the standard Windows API
  • asciiart package to group the common table-drawing functionality
  • new filaments shipped (top_in_packets, top_out_packets, top_hives_io)
  • the filaments directory is resolved from an environment variable
  • --no-enum-handles command line flag to disable system handle enumeration
  • setuptools script for building the Fibratus distribution
  • hosting Fibratus on PyPI
  • check for kernel event filters when calling a filament’s process method
  • initialize the kernel event parameters when the hive or key does not satisfy the condition in RegSetValue or RegQueryValue
  • fixed style violations and code smells
  • migrated from Coveralls to the Codecov platform
  • improved code coverage
  • code refactoring and comments

If you have any feedback, you can reach out via GitHub or drop me an email.