Lastline Analyst and Detonator On-Premises Release Notes

Version 7.12

New features

  • Improved interface for managing licenses and sensors
  • More granular permissions for downloading analyzed files
  • Audit log extensions
  • Improved analysis of URLs embedded in Microsoft Office documents
  • Bug fixes and improvements

Improved interface for managing licenses

The interface for viewing and managing license information has been redesigned, and now provides the following pages.

More granular permissions for downloading analyzed files

This release adds two new permissions that provide granular control for access to analyzed files.

  • The "can_access_analyzed_files" permission allows users to download files of less sensitive types that were analyzed by Lastline. These are files such as executables and scripts that are less likely to include sensitive information.

  • The "can_access_sensitive_analyzed_files" permission allows users to download files of more sensitive types that were analyzed by Lastline. These are files such as Office documents or PDFs that are more likely to include sensitive information. This permission does not imply "can_access_analyzed_files", so both permissions should be granted individually.

Note that, as with all permissions, accounts with administrator permission implicitly have these new permissions as well. Other users who wish to download analyzed files will need to request these permissions from their administrator.

Audit log extensions

With this release, additional information will be included in the audit log which is available in the Lastline portal, API, and in audit log notifications.

  • Include updates to license information

Improved analysis of URLs embedded in Microsoft Office documents

With this release, the analysis system will extract and follow URLs embedded in more types of documents (specifically Microsoft Office) submitted for analysis. Any anomalies found as part of the URL analysis are included in the classification of the originally analyzed document.

Bug fixes and improvements

  • Fix bug that caused incorrect URLs to be included in notification messages delivered by mail, Syslog and other notification backends. Due to this bug, the URLs linking to the Manager's portal would omit the "user." prefix of the hostname and include a double "/" character between hostname and path.
  • Fix bug that could prevent configuring syslog notifications through the Portal, because the form's save button would not become active.
  • When performing a backup over SSH, no longer verify the destination archive by listing the archive contents. This step was redundant with other verification steps and could lead to timeout issues for extremely large backup archives.
  • Fix memory consumption problem in classification of corrupted CDF documents.
  • Improved robustness when handling base64-encoded files.
  • Also display the SHA256 hash of the analyzed file in the analysis report overview.

Deprecation of API methods

The following API methods of the legacy API (/ll_api/ll_api) are being deprecated in this version:

  • query_license_details
  • update_license_details

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Furthermore, with this release we are deprecating the legacy malscape API (/malscape). Functionality that replaces this API is available in the analysis module of the Lastline API. Additionally, analysis functionality can be accessed directly through the Lastline Analyst API.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On Premise:

  • Lastline Analyst version 716.2