This is the final release in which Lastline Enterprise will be supported. Once you have upgraded, your enterprise license will need to be upgraded to Lastline Defender Limited (at no charge).
As malicious attacks keep evolving, from email- and perimeter-based attacks to attacks deeper inside your network, Lastline Defender Limited is an evolution of Lastline Enterprise to address these attacks.
Lastline Defender Limited significantly improves your security response by providing a broader network detection platform that incorporates network traffic analysis to provide better context and situational awareness for security alerts.
Lastline Defender Limited is built on the …continue.
Version 9.3.1
End of Support for Lastline Enterprise
Version 9.3
End of Support for Lastline Enterprise
Version 9.2.1
Detection Improvements
SENT-2773: Fixed a problem in the file extraction rules for POSIX tar files in sniffing sensors. Transfers of such files are now consistently extracted by the appliance.
Bug Fixes and Improvements
MALS-3247: The Lastline Sensor is now permitted to explicitly bypass the static prefilter when uploading files for analysis in the Analyst API.
MALS-3249: Fixed a race condition that could cause submissions to the Analyst API to remain in an incomplete state for four hours after submission.
SENT-2785: Fixed an issue where a certain class of email local detections, acting for instance on the text content of an email, would incorrectly lead to …continue.
Version 9.2
COVID-19 Announcement
For more information on Lastline preparedness and response during the COVID-19 outbreak visit this page.
New Features
Support for Bulk Host Tagging
Email Quarantine Support
Update to Suricata 5.0.1 upstream
Support for online DB migrations
Support for URL reputation in sniffing sensors
Display detected threats stats in portal
Add host tag filter to alert suppression
Host Listing and Sidebar Improvements
SUPPORT FOR BULK HOST TAGGING
Security analysts can now apply the same host tag to multiple hosts from the listing page. Additionally, security analysts can update or delete existing tags for multiple hosts with a single operation.
This new feature was tracked internally as FEAT-4714.
TRES-1216: Improved URL analysis for JavaScript-based delayed redirects.
TRES-1376: Improved URL analysis for downloaded files.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released Appliance Versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:
Lastline Manager version 1081.4
Lastline Engine version 1081.4
Lastline Sensor version 1132.1
Lastline All-in-one (Pinbox) version 1081.4
Released Sandbox Images Versions
The sandbox images version will remain at …continue.
Version 9.1.1
Bug Fixes and Improvements
CC-2652: Fixed a bug preventing upgrade of Lastline Engine, Pinbox, and Analyst appliances with more than 32 CPU cores.
PLTF-1305: Fixed an issue where mail permissions were not being respected across customer licenses.
SENT-2667: Improved one of the file extraction rules associated with the extraction of .img files in sniffing sensors. The file extraction rule now works around common false positives that would cause the sensor to needlessly process large amounts of unrelated file types.
CC-2660: Fixed an error that would occur during the upgrade of appliances from old installations.
MALS-3152: More robust scoring of documents with anomalous, but benign, contents.
Added password protection support for analysis artifact download
Implement new hosts listing view
Enable reputation feed on sensor
Display network event verification outcome in portal
Docker IP Address Configuration
Display Lastline IDS signatures for detectors
Extend displayed analysis information for mail messages
Access host overview sidebar from intrusion profile
MITRE ATT&CK techniques and details now available in Analysis report
Support for analysis of artifacts extracted from HTTP uploads
New incident captured traffic profile
Participating host sidebar
SUPPORT FOR EMAIL STATIC DETECTIONS
The sensor can now identify harmful content in an email message independently from the analysis of its attachments or URLs. This allows the identification of threats that …continue.
Version 9.0.1
New Features
Docker IP Address Configuration
DOCKER IP ADDRESS CONFIGURATION
The lastline_register utility now prompts the user to provide a network address range to use for internal appliance services. In previous releases, this address range was statically configured on a 172.16.0.0/12 network, which could cause a conflict if the range was already in use in the local network.
For details, please refer to the installation manual.
This new feature was tracked internally as FEAT-4742.
Detection Improvements
TRES-1053: Improved detection of malicious MS Office documents with stomped VBA code.
Bug Fixes and Improvements
ANST-471: Stability improvement for data-retention of analysis results.
SENT-2587: Fixed an issue where a restart of the mail …continue.
Version 9.0
New Features
Restrict incidents to a single threat
Security Analyst Triage Workboard
Customer and Account usernames no longer required to be email addresses
Updatable Lastline YARA signatures
Add fail open configuration options under sensor mail configuration
Display 'Processing' and 'Delivery' information in the Mail Message Details view
Create suppression rules based on incident and host in UI
Add "other host" filter to alert suppression wizard
Implement LDAP integration for authentication and authorization
Provide screenshots of PDF files in events
Display 'Message Header' in mail message details view