This release adds official support for Broadcom NICs based on the bnxt_en driver. Sniffing appliances using such NICs were previously supported only in standard "compatibility mode" with reduced performance; starting with this release, they can leverage hardware acceleration to achieve higher throughput.
This new feature was tracked internally as FEAT-7205.
Bug Fixes and Improvements
PLTF-3001: Shorten HA virtual IP label suffix to support interface names of up to 10 characters. This issue would cause the VIP to be unreachable only in certain installations when the interface …continue.
Version 9.5.1
Bug Fixes and Improvements
USER-5640: Added the missing checkbox on the login screen that allows the user to select whether or not to log in with LDAP.
LLANTA-2235: Disabled log4j's message lookup substitution in Elasticsearch as an additional mitigation against the CVE-2021-44228 vulnerability. See https://kb.vmware.com/s/article/87094 for additional details.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline …continue.
Version 9.5
New Features
Permalink Option for Interactive Analysis Reports
Home network setting to default to RFC1918 private IP ranges.
Support for license-based permissions for custom intel
Allow configuration of archive file limit for on-premises defender.
Change default NTP server to ntp.lastline.com
PERMALINK OPTION FOR INTERACTIVE ANALYSIS REPORTS
The permalink feature allows a link to an interactive Malware Analysis report to be made available to others within the organization without the need to log in to the NSX Defender Portal to view the details. To create a shareable report permalink, click on the "Share Report" button when viewing an Analysis Report.
This new feature was tracked internally as …continue.
Version 9.4.5
New Features
We are planning on changing the public IP addresses that are used by Lastline backend services to reflect our move away from an older datacenter provider to more scalable infrastructure.
These are the IP addresses assigned to lastline.com that are contacted by Lastline appliances (such as log.lastline.com, user.lastline.com, management.lastline.com, update.lastline.com, and anonvpn.lastline.com) when accessing services like cloud APIs and image registries. This will affect both hosted and on-premises installations of all Lastline products.
These IP addresses must be permitted by firewall rules to prevent service issues when they go live, which is expected by August 31st 2021.
PLTF-2402: Improved encryption of HTTPS traffic to the appliances (Manager, Analyst and Pinbox) by restricting the cipher suites supported by the web server to enforce stronger encryption in accordance with industry best practices.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of the appliances for use with NSX Defender On-Premises:
FEAT-6795: The license of a 3rd party component used in the Lastline analysis pipeline has been updated; the previous license was scheduled to expire May 15th 2021. Please update your On-Premises environment to version 9.4.2 by May 15th to receive continued signature updates. Failure to upgrade before this day may result in additional False Negative detections for new malware variants.
SENT-3113: Fixes a bug that caused the mail analysis pipeline to stall when processing URLs with Unicode characters.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this …continue.
Version 9.4.1
New Features
Detection Improvements
Bug Fixes and Improvements
PLTF-2215: Fixed a bug that caused Network IoC notifications to be disabled On-Premises.
SENT-3081: Fixed an issue where the submission of a completely benign document on an ICAP sensor would incorrectly cause its analysis to be stalled indefinitely.
SENT-3080: Fixed a major issue in the sensor ICAP implementation where certain ICAP submissions would time out indefinitely without ever being analysed.
PLTF-2276: Fixed SAML SSO configuration issue observed on bionic appliances.
USER-5072: Fixed an issue where inappropriate permissions were being set while creating multiple user accounts.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
Version 9.4 will be the final version that supports Ubuntu Xenial as the operating system distribution. In all future releases, Ubuntu Bionic will be required. To support this distribution upgrade, 9.4 will support both Ubuntu Xenial and Ubuntu Bionic. Before upgrading to any future version, appliances on Ubuntu Xenial must be upgraded to Ubuntu Bionic while running version 9.4.
The upgrade of the distribution will require a reboot and may take up to an hour to complete.
You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the …continue.
Version 9.3.2
New Features
Added preliminary support for IMAP OAuth authentication in MS Office 365
ADDED PRELIMINARY SUPPORT FOR IMAP OAUTH AUTHENTICATION IN MS OFFICE 365
The sensor can now support IMAP OAuth authentication when doing email analysis. The feature is meant to address the upcoming deprecation of password authentication in Microsoft Office 365. The implementation is tested exclusively with Microsoft Office 365, although it may also support other IMAP services. While UI support for enabling the feature is planned in future releases, contact Lastline support to configure the feature at this stage.
This new feature was tracked internally as SENT-2934.