Lastline Analyst and Detonator On-Premises Release Notes

Version 9.5.2

Bug Fixes and Improvements

  • PLTF-3001: Shorten HA virtual IP label suffix to support interface names of up to 10 characters. This issue would cause the VIP to be unreachable only in certain installations when the interface name is longer than expected. The issue only affects installations that are running a software version between 9.4 and 9.5.1, AND are using the Bionic Ubuntu distribution.
  • PLTF-2994: Fix parsing of network interfaces in the status reporter on appliances that are using bonded network interfaces.
  • USER-5639: Fixed the 404 error when users try to access manuals in the on-prem UI.
  • LLAM-8420: Fixed sandbox images download issue primarily …

Version 9.5.1

Bug Fixes and Improvements

  • USER-5640: Added missing checkbox to login screen which allows the user to select whether or not to login with LDAP.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Analyst On-Premises and Lastline Detonator On-Premises:

  • Lastline Analyst version 1120.1

and for Lastline Detonator On-Premises:

Version 9.5

New Features

  • Permalink Option for Interactive Analysis Reports
  • Support for license-based permissions for custom intel
  • Change default NTP server to ntp.lastline.com

PERMALINK OPTION FOR INTERACTIVE ANALYSIS REPORTS

The permalink feature allows a link to an interactive Malware Analysis report to be made available to others within the organization without the need to log in to the NSX Defender Portal to view the details. To create a shareable report permalink, click on the "Share Report" button when viewing an Analysis Report.

This new feature was tracked internally as FEAT-6081.

SUPPORT FOR LICENSE-BASED PERMISSIONS FOR CUSTOM INTEL

The "can view custom threat intelligence entries" and "can manage custom …

Version 9.4.5

New Features

We are planning on changing the public IP addresses that are used by Lastline backend services to reflect our move away from an older datacenter provider to more scalable infrastructure. These are the IP addresses assigned to lastline.com contacted by Lastline appliances (such as log.lastline.com, user.lastline.com, management.lastline.com, update.lastline.com, and anonvpn.lastline.com) when accessing services like cloud APIs and image registries. This will affect both hosted and on-premise installations of all Lastline products.

These IP addresses must be permitted by firewall rules to prevent service issues once they go live, which is expected by August 31st 2021.

The new IP …

Version 9.4.4

Detection Improvements

  • LLAM-7335: Improved detection of malware detecting the presence of known hypervisors via CPUID instruction.
  • LLAM-7313: Improved detection for samples that override SEH with a custom handler.
  • LLAM-7057: Improved detection of XLSB documents that make use of malicious formulas.

Bug Fixes and Improvements

  • LLAM-7173: Fixed an issue where the phishing denylist could not be updated when an appliance was behind a proxy.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released …

Version 9.4.3

Bug Fixes and Improvements

  • PLTF-2402: Improved encryption of HTTPS traffic to the appliances (Manager, Analyst and Pinbox) by restricting the cipher suites supported by the web server to enforce stronger encryption in accordance with industry best practices.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of the appliances for use with NSX Analyst On-Premises:

Version 9.4.2

New Features

Detection Improvements

  • LLAM-6948: Improved detection of corona family.

Bug Fixes and Improvements

  • FEAT-6795: The license of a 3rd party component used in the Lastline analysis pipeline has been updated; the previous license was scheduled to expire May 15th 2021. Please update your On-Premises environment to version 9.4.2 by May 15th to receive continued signature updates. Failure to upgrade before this day may result in additional False Negative detections for new malware variants.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information …

Version 9.4.1

New Features

Detection Improvements

Bug Fixes and Improvements

  • PLTF-2215: Fixed a bug that caused Network IoC notifications to be disabled On-Premises.
  • PLTF-2276: Fixed SAML SSO configuration issue observed on bionic appliances.
  • USER-5072: Fixed an issue where inappropriate permissions were being set while creating multiple user accounts.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for …

Version 9.4

Distribution Upgrade

Version 9.4 will be the final version that supports Ubuntu Xenial as the operating system distribution. In all future releases, Ubuntu Bionic will be required. To support this distribution upgrade, 9.4 will support both Ubuntu Xenial and Ubuntu Bionic. Before upgrading to any future version, appliances on Ubuntu Xenial must be upgraded to Ubuntu Bionic while running version 9.4. The upgrade of the distribution will require a reboot and may take up to an hour to complete.

You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the …

Version 9.3.2

Bug Fixes and Improvements

  • ATAT-733: Configured dnsmasq to listen on a single socket for all network interfaces, instead of listening on one socket per network interface, in order to prevent dnsmasq from opening too many sockets.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release. The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Analyst On-Premises:
