Lastline Enterprise On-Premises Release Notes

Version 5.1

New features

  • Flexible schedule updates
  • Revamped web interface for Appliance Management
  • Ability to configure the Sensor component of an All-In-One (Pinbox) appliance
  • Revamped notification support
  • User comments on incidents and events
  • Ability to enable or disable PF_RING support via the web interface
  • Sensor status information display improvements
  • Improved support for HTTP proxies
  • Support for capturing files downloaded or uploaded over FTP
  • Backup improvements
  • Minor fixes

Flexible schedule updates

Sensors, Managers, Engines and All-in-Ones that have automatic updates enabled will be upgraded as soon as they appear online with an old version.

Revamped web interface for Appliance Management

  • Various minor improvements in the web UI displaying appliance status and configuration
  • Ability to manually and remotely upgrade an appliance if automatic updates are disabled for that appliance
  • Display of the latest reconfiguration actions executed or pending on the sensor
  • Ability to enable or disable PF_RING support on Sensors/Pinboxes via the web interface

Revamped Notification Support

Lastline Enterprise can be configured to react to the detection of malware in the protected network in three ways:

  • Sending an email notification
  • Sending a CEF message to a Security Information and Event Management (SIEM) system
  • Sending reputation information for network hosts to an HP Tipping Point SMS server

These three backends have been unified into a single notification architecture that brings several advantages to Lastline Enterprise users:

  • Uniform configuration
  • More configuration options for selecting what type of detections should lead to a notification being sent out and how these notifications should be rate-limited
  • The push-based implementation means that email notifications are sent in a more timely manner
  • Mail notifications can now also be sent when a malicious mail attachment has been detected
  • Mail notifications now include additional information on the detection

User comments on incidents and events

New functionality has been added to our incident and event detail views that allows users to comment on individual detections on the network. This can be helpful for coordinating investigation and response to an incident. Users of Lastline Enterprise Hosted can also use this feature to provide feedback to Lastline about the accuracy of our detection.

Ability to enable or disable PF_RING support via the web interface

In the Sensor/Pinbox configuration page a new option "PF_RING Enabled" will be available. This option controls whether the Sensor/Pinbox uses PF_RING for packet capture.

Warnings:

  • only change this setting if so instructed by Lastline support
  • manually installing PF_RING on the Sensor no longer works

Appliance status information display improvements

The web UI will now also display the HTTP proxy and the appliance IP address in the page containing appliance status details. A clearer indication of when an update of an appliance is currently in progress will also be given.

Improved support for HTTP proxies

The X-Forwarded-For request header is now handled in all cases for alerting about clients behind an HTTP proxy. This functionality can be enabled with the sensor/pinbox configuration option "Monitor HTTP Requests From an HTTP Proxy".
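As an added illustration (not Lastline's code; the trusted proxy address, function names and sample requests are assumptions), this is how a sensor-side component could attribute an alert to the client behind a proxy when such an option is enabled, and why the header must be walked from the right: the left-most entry can be set by the client itself, while only the entries appended by known proxies can be relied on.

```python
import ipaddress
from typing import List, Optional

# Hypothetical set of HTTP proxy addresses the sensor has been told to trust (assumption).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def parse_xff(header: Optional[str]) -> List[ipaddress._BaseAddress]:
    """Split an X-Forwarded-For value into valid addresses, left to right.
    Entries that are not addresses ('unknown', garbage) are dropped;
    'ip:port' for IPv4 and '[ipv6]:port' forms are tolerated."""
    hops = []
    if not header:
        return hops
    for part in header.split(","):
        part = part.strip()
        if part.count(":") == 1 and "." in part:      # IPv4 with a port
            part = part.split(":")[0]
        if part.startswith("[") and "]" in part:       # bracketed IPv6
            part = part[1:part.index("]")]
        try:
            hops.append(ipaddress.ip_address(part))
        except ValueError:
            continue  # 'unknown' or malformed entry: ignore it
    return hops


def alert_client(src_ip: str, xff: Optional[str], monitor_proxy: bool,
                 trusted_proxies=TRUSTED_PROXIES) -> str:
    """Return the address an alert should be attributed to.
    X-Forwarded-For is consulted only when the option is enabled AND the
    connection really came from a known proxy; otherwise the header is
    attacker-controllable and the observed source address is used as-is.
    The header is walked right to left, skipping trusted proxy hops: the
    right-most entry was appended by the proxy that reached the sensor, so
    the first non-proxy address from the right is the real client."""
    src = ipaddress.ip_address(src_ip)
    if not monitor_proxy or src not in trusted_proxies:
        return str(src)
    for hop in reversed(parse_xff(xff)):
        if hop not in trusted_proxies:
            return str(hop)
    return str(src)  # header missing or only proxy hops: fall back to the proxy


if __name__ == "__main__":
    # Constructed request: client 192.168.1.20 spoofed a left-most entry; proxy appended the real one.
    print(alert_client("10.0.0.5", "203.0.113.7, 192.168.1.20", True))  # 192.168.1.20
```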

Backup improvements

The support for backing up Lastline Managers that was introduced in version 5.0 has been extended and improved:

  • Storage configurations are tested on creation to ensure they are accessible
  • A Test button next to each backup or storage configuration can be used to test backup storage at any time
  • A new jobs view provides a list of backup jobs with their status, duration, backup size and, in case of failure, error message
  • Backup configurations can now be set to manual only, so they do not run periodically
  • Improved robustness of backup process
  • Minor bugfixes

Minor fixes

  • Bugfix in file analysis reports: the malicious activity section and the memory dumps section in certain circumstances could display incomplete or incorrect information
  • Functionality to rename sensors is again available in the Lastline Portal
  • Non-administrator users are no longer allowed to see other users' analysis history
  • Fix a bug in the mail page that could lead to an inconsistency between the number of analyzed attachments shown in the mail attachments graph and in the mail attachments list

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use on-premise:

  • Lastline Manager version 581
  • Lastline Engine version 581
  • Lastline All-in-one (pinbox) version 581
  • Lastline Sensor version 585