Version 5.2
New features
- Java analysis improvements
- Analysis report improvements
- Appliances list improvements
- Email notification fix
- Appliance metrics
Java analysis improvements
The detection of malicious Java code has been improved and now supports in-depth analysis of Java applets. Additional information about applets is displayed in the analysis report, including the name and hashes of individual files contained in an applet. See this report for an example of a Java analysis.
Analysis report improvements
The analysis report pages have been improved in several ways:
- they now load faster
- when available, they offer the ability to see reports obtained by analyzing a sample in different analysis environments (e.g., in Windows XP and Windows 7)
- they include the new annotation code (first used in events and incidents pages) to add comments to analysis reports
- process snapshots now include the timestamp when the snapshot was taken
- information about key logging behavior is exposed in analysis reports. See our recent blog post for more information on our key logging detection capabilities.
- the server’s IP address and the SHA1 hash of requests are exposed in web reports
Appliances list improvements
The page showing a listing of all appliances has been improved:
- the display of the relationship between appliances in on-premise installations has been fixed
- offline appliances are marked as “warning” conditions
- the display of appliance markers in the appliance map has been improved
Email notification fix
This release fixes a regression in Lastline Enterprise's email notification functionality that has been present since the release of our revamped notification support in Lastline Enterprise hosted version 5.1.
As in versions before 5.1, email notifications are no longer sent for events where the source host has been whitelisted or falls in a whitelisted IP range. This allows administrators who choose to ignore detections for parts of the monitored network that are not relevant to them (such as the IP ranges of open wireless networks or guest IPs) to also not receive email notifications for such events.
Appliance metrics
The Lastline portal now allows Lastline Enterprise users to see graphs of sensor system metrics, such as CPU and memory usage. The new metrics page can be seen here, and is linked from the appliances tab.