Version 7.2
New features
- Improved Analysis report overview
- Improved Analysis report timeline
- Download process snapshots of analyzed processes
- Information on appliance actions in audit log
- Resizable table columns in portal
- Support for multiple network interfaces/IP addresses
- Various improvements to the analysis engine to improve detection effectiveness, performance and robustness.
Improved Analysis report overview
The overview displayed for Analysis results has been improved, adding more information to the table displaying detected activities:
- Display "Severity" value in the 0-100 range to indicate which detected activities are malicious
- Display icons indicating on which operating systems the activity was detected
- For activities that support it, provide a direct link to the timeline view, filtered to display only actions related to that activity.
Improved Analysis report timeline
The timeline view of Analysis reports has been improved in a number of ways:
- Filter by activity: The timeline view can now be filtered to display only actions relevant for a specific detected activity
- Stack depth filter: The timeline view can now filter the actions to display based on the depth of the call stack
- Process and thread views: The timeline view now displays actions on one line for each process, rather than for each thread. When a process is selected, the view switches to displaying one line per thread.
- Improved Action Table: The table listing actions in the timeline view has been improved to make important information immediately accessible.
- Improved category selection: The interface for selecting action categories (such as file, registry, process, ...) has been improved. Double-clicking on one category will now select only that category. Unselecting the last selected category will now select all categories again.
Download process snapshots of analyzed processes
Full-process snapshots can now be downloaded in the Lastline process_snapshot format (.LLS file). This snapshot type is generated for all 32-bit or 64-bit processes that are tracked during the analysis. For each process, the process snapshot file contains the allocated memory sections/areas mapped during the analysis, as well as metadata describing the placement of these memory sections within the process memory and how their content and placement change over time. These snapshots can be loaded into IDA Pro using a dedicated loader, as described in the API documentation.
Information on appliance actions in audit log
The audit log available in the Lastline Portal and API now includes information on appliance actions triggered through the Portal or API:
- Configuration changes
- Upgrades
- Reboot commands
The audit log UI has also been improved to better display audit events with a lot of parameters, such as appliance configuration changes.
Resizable table columns in portal
Tables throughout the Lastline Portal have been improved to support drag-and-drop resizing of table columns.
Support for multiple network interfaces/IP addresses
Starting with this version, it is possible to configure an appliance with multiple IP addresses over multiple network interfaces and have the appliance services accessible from all of them.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances:
- Lastline Analyst version 702
Deprecation of API methods
The following API methods of the legacy API (/ll_api/ll_api) are being deprecated in this version:
- query_default_key
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.