Lastline Analyst and Detonator On-Premises Release Notes

Version 7.0

New features

  • Notifications for appliance status
  • Improved Flash analysis
  • Document structure display
  • Malware sample sharing
  • Analysis report timeline
  • Additional appliance metrics graphs
  • Improved password reset functionality

Notifications for appliance status

Users can now configure their Lastline installation to deliver notifications of appliance status by email, syslog/SIEM or generic HTTP POST. For this, the existing email notification, syslog/SIEM integration and generic HTTP integrations have been extended to support new notification types. Depending on configuration, users may receive notifications:

  • Whenever an information message, warning or error is logged, as displayed in the appliance monitoring logs
  • Whenever an appliance's status is reporting a warning or error
  • Whenever an appliance checks in, or fails to check in and is therefore considered to have gone offline
  • Whenever a configuration action on an appliance fails, as displayed in the appliance action logs

This allows users to receive a notification in any situation where the Lastline Portal is reporting a warning or error for an appliance, rather than having to discover it by checking the Portal.

Note that existing notification configurations will not be automatically modified to enable appliance status notifications. Users with existing notification configuration will need to extend them by adding the new triggers for appliance status notifications to the existing configurations.

Improved Flash analysis

We now support sending Flash files for in-depth analysis in our analysis engine via both the UI and the analysis API. The results of the analysis include dynamic properties, such as the call graph obtained by running the sample and the strings found during the analysis, as well as structural, static properties such as the file's tags.

Document structure display

The UI for displaying document analysis results now includes a "Structure" tab that displays structural properties of a file, such as its data streams, macros and its textual content.

Analysis report timeline

Analysis reports for Windows executables as well as Office documents can now be displayed in different formats. In addition to the already existing report format, which displays high level operations performed during analysis grouped by the analysis subject (process) that performed them, a timeline view is now available.

The timeline shows the actions performed by individual threads under analysis, in the order they were performed. The view can be filtered by zooming in using the view finder below the graph, or by selecting specific classes of actions to display (such as File, Registry or Process actions).
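To make the difference between the two report formats concrete, the following added example (not Lastline code, and not Lastline's report schema) takes a constructed, flat list of analysis events and renders it both ways: grouped by the process that performed each operation, and as a per-thread timeline that can be narrowed by action class or by a time window, which is what the view finder zoom does in the UI. The field names ts, pid, tid, cls and op are assumptions chosen for this example.

```python
from collections import defaultdict

# Constructed sample events (hypothetical, not a real Lastline report).
# Field names are an assumption for this example: ts = seconds since start of
# analysis, pid/tid = process and thread that performed the action,
# cls = action class as shown in the timeline filter, op = the operation.
EVENTS = [
    {"ts": 0.10, "pid": 1000, "tid": 1, "cls": "Process",
     "op": "create_process cmd.exe"},
    {"ts": 0.11, "pid": 1000, "tid": 2, "cls": "Network",
     "op": "connect 203.0.113.5:443"},
    {"ts": 0.12, "pid": 1000, "tid": 1, "cls": "File",
     "op": "write C:\\Users\\Public\\a.exe"},
    {"ts": 0.15, "pid": 1000, "tid": 2, "cls": "Registry",
     "op": "set HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\a"},
    {"ts": 0.20, "pid": 2000, "tid": 3, "cls": "Process",
     "op": "create_process a.exe"},
    {"ts": 0.25, "pid": 2000, "tid": 3, "cls": "File",
     "op": "delete C:\\Users\\Public\\a.exe"},
]


def process_view(events):
    """The existing report format: operations grouped by the process (analysis
    subject) that performed them. Ordering inside a group follows time, but the
    interleaving between threads of the same process is not visible."""
    grouped = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        grouped[e["pid"]].append(e["op"])
    return dict(grouped)


def timeline_view(events, classes=None, window=None):
    """The timeline format: actions per (process, thread), in the order they
    were performed. `classes` restricts the view to the given action classes
    (e.g. {"File", "Registry"}); `window` is a (start, end) pair of timestamps
    that plays the role of the view finder zoom."""
    selected = events
    if classes is not None:
        selected = [e for e in selected if e["cls"] in classes]
    if window is not None:
        start, end = window
        selected = [e for e in selected if start <= e["ts"] <= end]
    timeline = defaultdict(list)
    for e in sorted(selected, key=lambda e: (e["ts"], e["pid"], e["tid"])):
        timeline[(e["pid"], e["tid"])].append((e["ts"], e["cls"], e["op"]))
    return dict(timeline)


if __name__ == "__main__":
    for pid, ops in process_view(EVENTS).items():
        print(f"process {pid}:")
        for op in ops:
            print(f"  {op}")
    print("persistence-related timeline (File + Registry only):")
    for (pid, tid), actions in timeline_view(EVENTS, classes={"File", "Registry"}).items():
        for ts, cls, op in actions:
            print(f"  t={ts:.2f} pid={pid} tid={tid} [{cls}] {op}")
```

Note what the timeline exposes that the process view does not: thread 2 of the first process writes the Run key before thread 1 has finished dropping the file it points at, an ordering that matters when deciding which action to treat as the persistence indicator.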

Malware sample sharing

With this release customers are able to automatically share malicious executable files with the Lastline Cloud to help expand the Lastline Knowledge Base and contribute to the Lastline community. Customers that do not wish to participate can disable this functionality. Refer to the online documentation or contact Lastline customer support for additional information.

Additional appliance metrics graphs

In addition to the System metrics page, the Lastline Portal now displays graphs for additional metrics about Lastline appliances:

  • Network metrics: displays metrics about network monitoring, such as traffic processed or files captured. This page is applicable to SENSOR and PINBOX appliances.
  • Mail metrics: displays metrics about mail analysis, such as number of mails processed or mail attachments analyzed, or the status of mail analysis queues. This page is applicable to SENSOR and PINBOX appliances that have mail analysis enabled.
  • Analysis metrics: displays metrics about analysis of artifacts, such as the number of artifacts (files or URLs) analyzed, or the status of analysis queues. This page is applicable to MANAGER, ENGINE, ANALYST and PINBOX appliances.

Improved password reset functionality

The password reset functionality for users who have lost their password has been revamped to improve the security and convenience of the password reset process.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances:

  • Lastline Analyst version 700

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
