Version 5.3
New features
- Custom threat intelligence
- Notification configuration permissions
- URL Analysis report improvements
- Sensor bug fixes
- Portal performance improvements
Custom threat intelligence
Customers can now upload custom intelligence to their Lastline Enterprise installations through the Lastline Custom Intelligence API. This allows customer to provide custom blacklist IPs and domains as well as suricata-compatible IDS rules that will be deployed on their Lastline Sensors.
More information on the Lastline Custom Intelligence API can be found in the relevant chapter of the Lastline API documentation.
Notification configuration permissions
The permissions for viewing and editing notification configurations are now more fine-grained.
- A user may view notification configurations only of sensors and licenses he has access to, based on the "access alerts" permission
- A user may create or edit notification configurations only of sensors and licenses he has access to, based on the "manage labels" permission.
URL Analysis report improvements
- URL analysis reports now include a description of the exploits that were identified
Sensor bug fixes
-
Stability improvements in multi-gigabit environments
-
Fix for incorrect handling of the X-Forwarded-For HTTP header, which in certain proxy constellations could cause an IP address of 0.0.0.0 to be reported instead of one of the connection endpoints.
Portal performance improvements
We have fixed some performance issues in the the Lastline Portal that led to high page load times for users with a large number of licenses.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use on-premise:
- Lastline Manager version 583
- Lastline Engine version 583
- Lastline All-in-one (pinbox) version 583
- Lastline Sensor version 592