Introduce Permission for Viewing Analysis Reports of Other Accounts
INTRODUCE PERMISSION FOR VIEWING ANALYSIS REPORTS OF OTHER ACCOUNTS
This introduces a new permission "Can View Analysis History". With this permission, a user is able to view the history of file and URL analysis submissions performed by any account under Analyst -> Submission History. Users without this permission are only able to view their own submissions.
Previously, only users with administrator permissions were able to view submissions from other accounts.
This new feature was tracked internally as FEAT-7762.
Detection Improvements
LLAM-10326: Reduced false positives in script behavior analysis
NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR ANALYST AND PINBOX (ALL-IN-ONE) APPLIANCES
After August 31, 2023, Pinbox and Analyst appliances will no longer be supported by VMware. If you are currently using a Pinbox or Analyst appliance, please review the following VMware KB article: https://kb.vmware.com/s/article/92399
CHANGING SENDER ADDRESS FOR EMAILS TO CUSTOMERS
Due to a change in our email hosting service, we will be changing the sender address for emails sent to customers from no-reply@lastline.com to no-reply@vmware.com. Customers should make appropriate adjustments to spam filters and tools to accept emails from this new address. The exact date of the change will be announced in …
Version 9.7.4
NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR ANALYST AND PINBOX (ALL-IN-ONE) APPLIANCES
After August 31, 2023, Pinbox and Analyst appliances will no longer be supported by VMware. If you are currently using a Pinbox or Analyst appliance, please review the following VMware KB article: https://kb.vmware.com/s/article/92399
CHANGING SENDER ADDRESS FOR EMAILS TO CUSTOMERS
Due to a change in our email hosting service, we will be changing the sender address for emails sent to customers from no-reply@lastline.com to no-reply@vmware.com. Customers should make appropriate adjustments to spam filters and tools to accept emails from this new address. The exact date of the change will be announced in …
Version 9.7.3
NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR ANALYST AND PINBOX (ALL-IN-ONE) APPLIANCES
After August 31, 2023, Pinbox and Analyst appliances will no longer be supported by VMware. If you are currently using a Pinbox or Analyst appliance, please review the following VMware KB article: https://kb.vmware.com/s/article/92399
Detection Improvements
LLAM-10241: Improved detection of PolyRansom malware
LLAM-10328: Improved detection of malware related to the 3CX supply chain attack
Bug Fixes and Improvements
FEAT-8080: OS updates now include Ubuntu Expanded Security Maintenance (ESM) updates for the Bionic 18.04.6 OS. To continue receiving support and patches for Bionic, please update appliances to this version. For information on ESM updates, review the following VMware …
Version 9.7.2
New Features
Support for analysis of OneNote documents
SUPPORT FOR ANALYSIS OF ONENOTE DOCUMENTS
NSX NDR supports analysis of OneNote documents: OneNote files (MIME type: application/onenote) and OneNote packages (MIME type: application/vnd.ms-onepkg-compressed).
This new feature was tracked internally as FEAT-8013.
Detection Improvements
LLAM-10198: Improved detection of RTF documents exploiting CVE-2023-21716
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances …
Version 9.7.1
New Features
Detection Improvements
LLAM-10033: Improved detection accuracy for CheatEngine
LLAM-10013: Improved accuracy of detection of suspected shellcode instructions
LLAM-9820: Improved detection of Brute Ratel
LLAM-9885: Improved detection of Nighthawk implants
LLAM-10054: Improved detection of Royal ransomware
LLAM-10043: Improved detection of NetSupport RAT
LLAM-9972: Improved detection of Coinminer
LLAM-9970: Improved accuracy of detection for ELF files
LLAM-9951: Improved detection of XMRigMiner
LLAM-9989: Improved detection of Merlin Agent
LLAM-10067: Improved detection of ESXiArgs ransomware
LLAM-10036: Improved detection of LNKRunner
LLAM-10032: Improved accuracy of detection for obfuscated applications
LLAM-10034: Improved accuracy of detection of ransomware
LLAM-9940: Improved detection of Jumplump
LLAM-9216: Improved detection of KNOTWEED malware
LLAM-9941: Improved detection of Jumplump dropper
LLAM-9837: Improved detection of Blackbasta
LLAM-8450: Improved detection of SysJoker …
Version 9.7
New Features
Support enabling SSH password authentication for additional users
Support essentials-only backup for HA standby setup and takeover
New AI-based classifier for Windows PE files
Malware Analysis pipeline throughput optimization
Intelligent Anti-Malware Signatures for Windows PE files
SUPPORT ENABLING SSH PASSWORD AUTHENTICATION FOR ADDITIONAL USERS
Support has been added for specifying additional user accounts that can access the system console, either locally or via SSH, using password authentication. The installation manual contains the steps to configure this feature.
This new feature was tracked internally as PLTF-3240.
SUPPORT ESSENTIALS-ONLY BACKUP FOR HA STANDBY SETUP AND TAKEOVER
Setting up a Standby Manager for High Availability requires first performing a full backup and creating a …
Version 9.6.1
New Features
Detection Improvements
LLAM-9126: Improved detection for SessionManager backdoor.
LLAM-8911: Improved detection for AvosLocker family Linux-variant.
LLAM-8663: Improved detection of Cyclops Blink ELF trojan.
LLAM-9140: Improved detection of RedAlert ransomware.
Bug Fixes and Improvements
PLTF-3272: Fixed upgrade failure from release 9.5.1 or older, caused by unsatisfied dependencies of the "tllod-storage" package.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions …
Version 9.6
New Features
AI-based scoring in Anti-Malware Sandbox
Prefilter for Scripts
AI-BASED SCORING IN ANTI-MALWARE SANDBOX
A new AI-based scoring logic was introduced in the Anti-Malware Sandbox to improve detection quality and significantly reduce the number of false positives.
This new feature was tracked internally as FEAT-5239.
PREFILTER FOR SCRIPTS
A new script prefiltering component reduces the load on customers' infrastructure by filtering out clearly benign scripts before sandbox analysis.
This new feature was tracked internally as FEAT-6141.
Detection Improvements
LLAM-8537: Improved detection of patched UPX-packed samples.
FEAT-7287: Improved correlation of lateral movement activity into campaigns. In particular, various types of server-side lateral movement are now better supported.