Prepare for v0.17.0

[yanivagman]

🚨 Breaking changes 🔨

1. New policy format

Tracee policies were changed to be compatible with kubernetes CRDs. The new format will allow users to have the same policy as a file, and later as a Kubernetes' resource.

eg:

apiVersion: aquasecurity.github.io/v1beta1
kind: TraceePolicy
metadata:
  name: dig
  annotations:
    description: traces dns events from the dig binary
spec:
  scope: 
    - binary=/usr/bin/dig
  rules:
    - event: net_packet_dns_request        
    - event: net_packet_dns_response

2. defaultActions field is no longer mandatory, and it now only supports the action print.

Tracee's policies used to allow a policy to have actions like log, webhook and fluentd. But this was creating a very complex configuration, for a feature not used. Now policies still support defaultActions, but the only action it supports is print, where to print is configured as you start tracee on the command line, or the configuration file.

Eg, to send the events on the sample policy above to an webhook, we can start tracee with:

sudo tracee --output webhook:http://localhost:8080 -p path/to/policy.yaml

3. Filter flag removed and split to events and scope flags

🚀 What's new? 🚀

📩 Filter flag removal and split 🔔

In this release, we've made significant enhancements to event filtering CLI.

New Flags for Enhanced Filtering

• Use --scope to precisely capture events within specified scopes, such as 'comm', 'binary', 'pid', 'uid', 'mntns', 'pidns', 'uts', 'tree', 'follow', and 'container'.
• Utilize --events to define specific events and apply userland filters like 'args', 'retval', and 'context' to tailor filtering according to your needs.

Simplified Event Sets

• The set option has been also removed. Instead, use --events to define sets of events to be captured. For example, use --events fs to capture filesystem-related events.

🦄 Misc 💐

• perf: Grafana dashboard has grown and improved
• ux: Help command is removed, moving flags help information to markdown files

🔨 Fixes 👷

• mntns and pidns filters are now working as expected