Lastline Analyst and Detonator On-Premises Release Notes

Version 7.3

New features

  • Notifications for audit events
  • Improved notification configuration UI
  • Improved account management page
  • Include account actions in audit log
  • RADIUS authentication
  • URL analysis report improvements
  • Bug fixes and improvements

Notifications for audit events

Our syslog (SIEM) notifications, generic HTTP notifications and email notifications now also support notification of audit events.

Actions performed by a user on the portal, such as configuring an appliance or adding a user, will now also result in a notification being sent, if configured. Note that existing notification configurations are not automatically updated to include this new type of message, so customers with existing notification configurations must enable audit event triggers in these configurations to start receiving these messages.

The syslog notification format version that includes these new messages is version 7.3. The formats of audit event syslog and HTTP messages are described in the integration guides available on the manuals page.

Improved notification configuration UI

The user interface for configuring notification integrations has been improved to better support the increased complexity of this functionality. The different types of triggers that can lead to notifications are now displayed in separate tables, and can now be enabled or disabled in bulk:

  • appliance triggers (for appliance status)
  • audit triggers (for audit events)

The portal guide has also been updated to describe the new configuration UI.

Improved account management page

The [account management page](/settings#/account/) has been improved.

  • Added functionality to block or unblock an account. Blocking an account is now the recommended way of disabling an end user's access to the system.

  • Certain sensitive operations on accounts, such as changing the password or email address of an account, now require the user to provide their password again for verification.

  • Fix bug that prevented adding some permissions again after they had been removed.

Include account actions in audit log

The audit log now includes additional events related to account management:

  • account created
  • account deleted
  • account blocked
  • account unblocked
  • account edited
  • account password changed
  • account email changed
  • password reset was requested
  • password reset was performed

RADIUS authentication

The Lastline portal of an on-premise installation can now be configured to use the RADIUS protocol to authenticate users through a centralized authentication server. The integration guide, available from the manuals page, describes how to make use of this integration.

URL analysis report improvements

  • Improved the detection of malicious code
  • Improved the display of interesting scripts
  • Improved the identification of malicious URLs among the list of those that were visited

Bug fixes and improvements

  • Improved file classification accuracy and performance for text files as well as prefix-obfuscated MIME archives and MS Word documents
  • Improved document analysis and filtering to increase analysis throughput for benign documents
  • Fix for spurious appliance error status when clock is in the future by a few seconds
  • Fix bug that prevented users from configuring integrations if main customer account had been deleted

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Analyst On Premise:

  • Lastline Analyst version 703.1

Deprecation of API methods

The following API methods of the legacy API (/ll_api/ll_api) are being deprecated in this version:

  • query_account_details
  • query_accounts
  • delete_account
  • update_account

Furthermore, the following deprecated methods of the legacy API are being removed in this version:

  • query_default_key

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
