Lastline Analyst and Detonator On-Premises Release Notes

Version 5.1

New features

  • Java analysis improvements
  • Analysis report improvements
  • Flexible schedule updates
  • Revamped web interface for Appliance Management
  • Backup improvements
  • Minor fixes
  • Appliances list improvements

Java analysis improvements

The detection of malicious Java code has been improved supporting in-depth analysis of Java applets. Additional information about applets is displayed in the analysis report, including the name and hashes of individual files contained in an applet. See this report for an example of a Java analysis.

Analysis report improvements

The analysis report pages have been improved in several ways:

  • they now load faster
  • when available, they offer the ability of seeing reports obtained by analyzing a sample in different analysis environments (e.g., in Windows XP and Windows 7);
  • they include the new annotation code (first used in events and incidents pages) to add comments to analysis reports
  • process snapshots now include the timestamp when the snapshot was taken
  • information about key logging behavior is exposed in analysis reports. See our recent blog post for more information on our key logging detection capabilities.
  • the server’s IP address and the SHA1 hash of requests is exposed in web reports

Flexible schedule updates

Analysts will be upgraded if the they have automatic updates enables as soon as they appear online with an old version.

Revamped web interface for Appliance Management

  • Various minor improvements in the web UI displaying appliance status and configuration
  • Ability to manually and remotely upgrade an appliance if automatic updates are disabled for that appliance
  • Display of the latest reconfiguration actions executed or pending on the Analyst

Backup improvements

The support for backing up Lastline Analysts that was introduced in version 5.0 has been extended and improved:

  • Storage configuration are tested on creation to ensure they are accessible
  • Test button next to backup or storage configuration can be used to test backup storage at any time
  • A new jobs view provides list of backup jobs with corresponding status, duration, backup size and, in case of failure, error message.
  • Backup configurations can now be set to manual only, so they do not run periodically
  • Improved robustness of backup process
  • Minor bugfixes

Minor fixes

  • Bugfix in file analysis reports: the malicious activity section and the memory dumps section in certain circumstances could display incomplete or incorrect information

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use on-premise:

  • Lastline Analyst version 582.3
5.0 5.1.1