Lastline Network and Email Defender On-Premises Release Notes

Version 9.7.2

New Features

  • Support for analysis of OneNote documents

SUPPORT FOR ANALYSIS OF ONENOTE DOCUMENTS

NSX NDR supports analysis of OneNote documents: OneNote files (MIME type: application/onenote) and OneNote packages (MIME type: application/vnd.ms-onepkg-compressed).

This new feature was tracked internally as FEAT-8013.

Detection Improvements

  • LLAM-10198: Improved detection of RTF documents exploiting CVE-2023-21716

Bug Fixes and Improvements

  • PLTF-3491: Updated the Active Directory integration to accommodate the Microsoft security patch (KB5004442), which hardens the DCOM protocol used for connecting to Windows Domain Controllers.
  • LLDOC-540: Updated the Active Directory Integration Guide to state that the newly created Domain Controller account must belong to the "Event Log Readers" group to associate events in the monitored network.

Deprecation of API Methods

No additional API methods are being deprecated or discontinued in this release.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:

  • Lastline Manager version 1140.2
  • Lastline Engine version 1140.2
  • Lastline Data Node version 1140.2
  • Lastline Sensor version 1333
  • Lastline All-in-one (Pinbox) version 1140.2

Released Sandbox Images Versions

The sandbox images version will remain at 2022-07-16-01.

Distribution Upgrade

Version 9.4.5 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 9.7.2, you must be running Bionic as the operating system distribution.

You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.

For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime.
