Lastline Network and Email Defender On-Premises Release Notes

Version 9.8

New Features

  • Introduce Permission for Viewing Analysis Reports of Other Accounts

INTRODUCE PERMISSION FOR VIEWING ANALYSIS REPORTS OF OTHER ACCOUNTS

This introduces a new permission "Can View Analysis History". With this permission, a user is able to view the history of file and URL analysis submissions performed by any account under Analyst -> Submission History. Users without this permission are only able to view their own submissions.

Previously, only users with administrator permissions were able to view submissions from other accounts.

This new feature was tracked internally as FEAT-7762

Detection Improvements

  • LLAM-10326: Reduced false positives in script behavior analysis
  • LLAM-10825: Improved detection of malformed RTF
  • LLAM-11128: Improved detection of continue.

Version 9.7.5

NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR ANALYST AND PINBOX (ALL-IN-ONE) APPLIANCES

After August 31, 2023, Pinbox and Analyst appliances will no longer be supported by VMware. If you are currently using a Pinbox or Analyst appliance, please review the following VMware KB article: https://kb.vmware.com/s/article/92399

CHANGING SENDER ADDRESS FOR EMAILS TO CUSTOMERS

Due to a change in our email hosting service, we will be changing the sender address for emails sent to customers from no-reply@lastline.com to no-reply@vmware.com. Customers should make appropriate adjustments to spam filters and tools to accept emails from this new address. The exact date of the change will be announced in continue.

Version 9.7.4

NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR ANALYST AND PINBOX (ALL-IN-ONE) APPLIANCES

After August 31, 2023, Pinbox and Analyst appliances will no longer be supported by VMware. If you are currently using a Pinbox or Analyst appliance, please review the following VMware KB article: https://kb.vmware.com/s/article/92399

CHANGING SENDER ADDRESS FOR EMAILS TO CUSTOMERS

Due to a change in our email hosting service, we will be changing the sender address for emails sent to customers from no-reply@lastline.com to no-reply@vmware.com. Customers should make appropriate adjustments to spam filters and tools to accept emails from this new address. The exact date of the change will be announced in continue.

Version 9.7.3

NSX NDR END-OF-LIFE (EOL) ANNOUNCEMENT FOR ANALYST AND PINBOX (ALL-IN-ONE) APPLIANCES

After August 31, 2023, Pinbox and Analyst appliances will no longer be supported by VMware. If you are currently using a Pinbox or Analyst appliance, please review the following VMware KB article: https://kb.vmware.com/s/article/92399

Detection Improvements

  • LLAM-10241: Improved detection of PolyRansom malware
  • LLAM-10328: Improved detection of malware related to the 3CX supply chain attack

Bug Fixes and Improvements

  • FEAT-8080: OS updates now include Ubuntu Expanded Security Maintenance (ESM) updates for the Bionic 18.04.6 OS. To continue receiving support and patches for Bionic, please update appliances to this version. For information on ESM updates, review the following VMware continue.

Version 9.7.2

New Features

  • Support for analysis of OneNote documents

SUPPORT FOR ANALYSIS OF ONENOTE DOCUMENTS

NSX NDR supports analysis of OneNote documents: OneNote file (mime-type: application/onenote) and OneNote package (mime-type: application/vnd.ms-onepkg-compressed).

This new feature was tracked internally as FEAT-8013

Detection Improvements

  • LLAM-10198: Improved detection of RTF documents exploiting CVE-2023-21716

Bug Fixes and Improvements

  • PLTF-3491: Updated the Active Directory integration to accommodate the Microsoft security patch (KB5004442), which hardens the DCOM protocol utilized for connecting to Windows Domain Controllers
  • LLDOC-540: Updated the Active Directory Integration Guide to state that the newly created Domain Controller account must belong to the "Event Log Readers" group to associate events in the monitored network.

Deprecation of continue.

Version 9.7.1

New Features

  • Ability to disable home-net filtering on sensor appliances

ABILITY TO DISABLE HOME-NET FILTERING ON SENSOR APPLIANCES

By default, sensor appliances use the appliance's home network configuration to exclude from processing expensive events that occur entirely outside the home network range. For instance, a file transfer between two endpoints that are both outside the defined home network would not be analysed.

It is now possible to disable this behaviour by adding an override on the sensor appliance that turns off home network filtering. If you are interested in applying this change, please reach out to VMware Technical continue.
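As an added illustration of the default behaviour described above (example code written for these notes, not Lastline or VMware code): a small home-net filter that drops expensive events whose endpoints are all outside the configured ranges, together with the override flag that disables the filtering. The CIDR list, the Event class, the treatment of malformed addresses and the home_net_filtering flag are assumptions, not the product's configuration.

```python
"""Added example: home-net filtering of expensive sensor events and the
override that disables it. Not Lastline/VMware code.

Assumptions (not from the release note): the home network is a list of
CIDR ranges, each event carries a source and a destination IP, and an
unparsable address is treated as being outside the home network.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Constructed sample home-net configuration (private and documentation prefixes).
HOME_NETS: List[IPNetwork] = [
    ipaddress.ip_network(cidr)
    for cidr in ("10.0.0.0/8", "192.168.1.0/24", "2001:db8::/32")
]


@dataclass(frozen=True)
class Event:
    """Minimal, constructed representation of an expensive sensor event."""
    src: str
    dst: str
    kind: str  # e.g. "file_transfer"


def parse_ip(addr: str) -> Optional[IPAddress]:
    """Parse an address string; None for anything that is not a valid IP."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None  # malformed address: treated as outside the home net


def in_home_net(addr: str, home_nets: Iterable[IPNetwork] = HOME_NETS) -> bool:
    """True if addr falls inside any configured home-net range."""
    ip = parse_ip(addr)
    if ip is None:
        return False
    # 'in' is False across IP versions, so an IPv4 address never matches an IPv6 range.
    return any(ip in net for net in home_nets)


def should_analyze(event: Event,
                   home_nets: Iterable[IPNetwork] = HOME_NETS,
                   home_net_filtering: bool = True) -> bool:
    """Decide whether an expensive event is sent for analysis.

    With filtering enabled (the default the note describes) an event is
    analysed only if at least one endpoint is inside the home network.
    With the override applied (home_net_filtering=False) every event is analysed.
    """
    if not home_net_filtering:
        return True
    return in_home_net(event.src, home_nets) or in_home_net(event.dst, home_nets)


def select_for_analysis(events: Iterable[Event],
                        home_nets: Iterable[IPNetwork] = HOME_NETS,
                        home_net_filtering: bool = True) -> List[Event]:
    """Return the subset of events that the filter forwards to analysis."""
    return [e for e in events if should_analyze(e, home_nets, home_net_filtering)]


# Constructed sample events covering the interesting cases.
SAMPLE_EVENTS = [
    Event("10.1.2.3", "203.0.113.5", "file_transfer"),          # internal -> external: analysed
    Event("198.51.100.7", "203.0.113.5", "file_transfer"),      # both external: dropped by default
    Event("2001:db8::1", "2001:db8:ffff::9", "file_transfer"),  # IPv6 inside home net: analysed
    Event("not-an-ip", "203.0.113.5", "file_transfer"),         # malformed source: dropped by default
]

if __name__ == "__main__":
    for flag in (True, False):
        kept = select_for_analysis(SAMPLE_EVENTS, home_net_filtering=flag)
        print(f"home_net_filtering={flag}: {len(kept)} of {len(SAMPLE_EVENTS)} events analysed")
```

With filtering on, only the two events that touch the home network are analysed; with the override applied, all four are. Disabling the filter therefore trades sensor load for visibility into traffic between non-home endpoints, which is the reason the note asks customers to involve support before applying it.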

Version 9.7

New Features

  • Support enabling SSH password authentication for additional users
  • Support essentials-only backup for HA standby setup and takeover
  • New AI-based classifier for Windows PE files
  • Malware Analysis pipeline throughput optimization
  • Intelligent Anti-Malware Signatures for Windows PE files

SUPPORT ENABLING SSH PASSWORD AUTHENTICATION FOR ADDITIONAL USERS

Support has been added for specifying additional user accounts that can access the system console, or the appliance via SSH, using password authentication. The installation manual contains the steps to configure this feature.

This new feature was tracked internally as PLTF-3240

SUPPORT ESSENTIALS-ONLY BACKUP FOR HA STANDBY SETUP AND TAKEOVER

Setting up a Standby Manager for High Availability requires first performing a full backup and creating a continue.

Version 9.6.1

New Features

Detection Improvements

  • LLAM-9126: Improved detection for SessionManager backdoor.
  • LLAM-8911: Improved detection for AvosLocker family Linux-variant.
  • LLAM-8663: Improved detection of Cyclops Blink ELF trojan.
  • LLAM-9140: Improved detection of RedAlert ransomware

Bug Fixes and Improvements

  • PLTF-3272: Fixed upgrade failure from release 9.5.1 or older, caused by unsatisfied dependencies of the "tllod-storage" package.
  • LLANTA-2492: Fixed a missing package dependency declaration that in some cases could lead to an installation failure for data nodes.
  • LLANTA-2533: Fixed a bug in the handling of certificate bundles that prevented parts of the NTA component from running.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes continue.

Version 9.6

New Features

  • AI-based scoring in Anti-Malware Sandbox
  • Prefilter for Scripts
  • Suricata 6 IDS Engine

AI-BASED SCORING IN ANTI-MALWARE SANDBOX

A new AI-based scoring logic was introduced in the Anti-Malware Sandbox to increase detection quality and significantly reduce the number of false positives.

This new feature was tracked internally as FEAT-5239

PREFILTER FOR SCRIPTS

A new script prefiltering component reduces the load on the customer's infrastructure by filtering clearly benign scripts out of sandbox analysis.

This new feature was tracked internally as FEAT-6141

SURICATA 6 IDS ENGINE

The sensor ships with an updated Suricata IDS engine, version 6.0.4. This leads to a number of performance continue.

Version 9.5.3

New Features

  • Support for PERC H750 RAID controller

SUPPORT FOR PERC H750 RAID CONTROLLER

Added support for the PERC H750 RAID controller.

This new feature was tracked internally as FEAT-7359

Detection Improvements

  • LLAM-8565: Improved detection for modified UPX PE samples and .NET-based SharePoint user profile sync PUA PE samples.
  • LLAM-8554: Improved detection of Linux Roothelper exploit
  • LLAM-8530: Improved detection of Ryucurrency miners
  • LLAM-8551: Improved detection for truncated ELF samples

Bug Fixes and Improvements

  • FEAT-7432: Updated kernel to version 5.4.0. Appliances will require a restart to use the new kernel.
  • LLCC-2748: Extended expiration date of GPG key used for signing appliance actions.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in continue.
