Version 6.0
New features
- Redesigned installer and diagnostic tool
- Analysis engine improvements
- Analysis report improvements
- Analysis UI improvements
- Sensor file capture improvements
- HP TippingPoint SMS integration improvement
- Improved commenting on analysis reports, network events and incidents
- Windows Active Directory Integration
- SIEM Notifications in LEEF format
- Improved Appliances UI
- Improved proxy support
- High-Availability (HA) support
- Dell hardware support improvements
Redesigned installer and diagnostic tool
The installer for the Lastline Enterprise On-premise appliances has been redesigned to simplify the installation process and to proactively detect problems with the installation environment.
The "lastline_test_appliance" command has been added to allow diagnosing issues with the appliance or the deployment environment.
Analysis engine improvements
The analysis engine has received a number of improvements:
- improved the analysis of PDFs, by adding support for encrypted PDFs and extending the number of exploits that are identified
- improved the analysis of Java applets, extending the number of exploits that are identified and improving the stability of the analysis
- improved the analysis of web content, extending the number of exploits that are identified and improving the stability of the analysis
- added additional heuristics to detect suspicious JavaScript code
- improved the handling of slow-executing JavaScript code
- improved the analysis of Microsoft Office documents, by recognizing new exploit patterns and identifying suspicious content embedded in documents
Analysis report improvements
The analysis report pages have been improved in several ways:
- Display reputation information about Android APKs
- Improved handling of signed Windows binaries
- Show packer information from PEiD in analysis reports
Analysis UI improvements
The analysis UI has been improved by adding the following feature:
- UI support for providing a password when submitting encrypted archives for analysis
Sensor file capture improvements
The file capture component of the Sensor has been improved with:
- Improved password support for encrypted archives
- Support for Java .class and JAR file upload and analysis
- Improved RAR support
HP TippingPoint SMS integration improvement
In previous versions of Lastline Enterprise Hosted, the integration with HP TippingPoint SMS servers relied on sending API requests over HTTPS from the Lastline Manager to the customer's HP TippingPoint SMS server. With this version, Lastline Enterprise can be configured to send these API requests from either the Lastline Sensor or the Lastline Manager.
Improved commenting on analysis reports, network events and incidents
Additional views have been introduced for viewing comments about analysis reports, network events and network incidents. This makes it more practical for users to take advantage of the existing commenting feature to share information about an analysis or incident.
Windows Active Directory Integration
Lastline Enterprise Sensors can now integrate with Windows Domain Controllers to obtain information on the Windows user accounts that are logged in to hosts in the protected network. Information on logged-in users can then be displayed in event and incident details.
For information on how to set up Active Directory integration, see the relevant section of the Portal guide.
SIEM Notifications in LEEF format
When sending notifications to a Security Information and Event Management (SIEM) appliance over the syslog protocol, Lastline Enterprise now supports two message formats:
- Common Event Format (CEF), used by HP ArcSight
- Log Event Extended Format (LEEF), used by IBM QRadar
Previous versions of Lastline Enterprise supported exclusively the CEF format. The format can be selected in the notification configuration.
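As an added example (not Lastline's code, and not the actual content of its notifications), the following Python builds one constructed detection event into a CEF payload and a LEEF 1.0 payload, applies the escaping rules of the two formats as published in the CEF and LEEF specifications (backslash and pipe in the header, "=" and newlines in CEF extension values, tab as the LEEF attribute delimiter), wraps the result in a syslog line, and parses the CEF line back. This is the kind of check a SIEM integrator runs before switching the notification format. The vendor, product, host name, field names and the event itself are placeholders.

```python
"""Build and check CEF and LEEF syslog notifications for one event.

Added example: the vendor/product strings, the host name and the event
fields are constructed placeholders, not values emitted by any product.
"""
import re
from datetime import datetime, timezone

VENDOR, PRODUCT, VERSION = "ExampleVendor", "ExampleProduct", "6.0"

# Constructed sample event; the msg field deliberately contains '|' and '='
# so that the escaping rules are exercised.
SAMPLE_EVENT = {
    "event_id": "1001",
    "name": "Malicious file download",
    "severity": 8,                       # 0-10 scale
    "src": "10.0.0.25",
    "dst": "203.0.113.7",
    "dpt": 443,
    "msg": "sha1=placeholder|score=80",
}


def _cef_header_escape(value):
    # CEF header fields: backslash and pipe are escaped.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def _cef_ext_escape(value):
    # CEF extension values: backslash, '=' and line breaks are escaped;
    # pipes need no escaping outside the header.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")


def _unescape(value):
    # Reverse both escape schemes: \| \= \\ become the literal character,
    # \n and \r become line breaks.
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def format_cef(event):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ..."""
    header = "|".join(_cef_header_escape(v) for v in (
        VENDOR, PRODUCT, VERSION, event["event_id"], event["name"], event["severity"]))
    ext = " ".join(f"{k}={_cef_ext_escape(event[k])}"
                   for k in ("src", "dst", "dpt", "msg") if k in event)
    return f"CEF:0|{header}|{ext}"


def parse_cef(line):
    """Split a CEF line on unescaped pipes and parse the extension pairs."""
    field = r"((?:\\.|[^\\|])*)\|"          # one header field ending in an unescaped pipe
    m = re.match("^" + field * 7 + "(.*)$", line, re.S)
    if not m:
        raise ValueError("malformed CEF header")
    version, vendor, product, dev_version, sig_id, name, severity, ext = m.groups()
    # Extension: key=value pairs separated by a space; '=' inside values is escaped.
    pairs = re.findall(r"(\w+)=((?:\\.|[^\\=])*?)(?= \w+=|$)", ext)
    return {
        "version": version.split(":", 1)[1],
        "vendor": _unescape(vendor), "product": _unescape(product),
        "device_version": _unescape(dev_version), "signature_id": _unescape(sig_id),
        "name": _unescape(name), "severity": _unescape(severity),
        "extension": {k: _unescape(v) for k, v in pairs},
    }


def format_leef(event):
    """LEEF:1.0|Vendor|Product|Version|EventID|key=value<TAB>key=value ..."""
    header = "|".join(str(v).replace("|", "\\|")
                      for v in (VENDOR, PRODUCT, VERSION, event["event_id"]))
    attrs = {"sev": event["severity"], "src": event.get("src"), "dst": event.get("dst"),
             "dstPort": event.get("dpt"), "msg": event.get("msg")}
    # LEEF 1.0 attributes are tab-separated, so tabs and line breaks inside a
    # value would corrupt the record; replace them with spaces.
    clean = lambda v: re.sub(r"[\t\r\n]", " ", str(v))
    body = "\t".join(f"{k}={clean(v)}" for k, v in attrs.items() if v is not None)
    return f"LEEF:1.0|{header}|{body}"


def syslog_line(payload, hostname="siem-sender-example", when=None):
    """Wrap a payload in an RFC 3164 style prefix: <PRI>Mmm dd hh:mm:ss host payload"""
    when = when or datetime(2015, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    pri = 1 * 8 + 5                      # facility user(1), severity notice(5)
    ts = f"{when.strftime('%b')} {when.day:2d} {when.strftime('%H:%M:%S')}"
    return f"<{pri}>{ts} {hostname} {payload}"


if __name__ == "__main__":
    print(syslog_line(format_cef(SAMPLE_EVENT)))
    print(syslog_line(format_leef(SAMPLE_EVENT)))
    print(parse_cef(format_cef(SAMPLE_EVENT))["extension"]["msg"])
```

Round-tripping the CEF line through parse_cef is the useful part of this check: if the pipe in the event name or the "=" in the message survives intact after formatting and parsing, the escaping is right, and a consumer such as ArcSight will not split the record in the wrong place.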
Improved Appliances UI
The Appliances tab was subject to a major redesign with improved usability and additional features.
- System metrics are now available for all appliance types, not just sensors.
- Appliance monitoring logs are now available, which provide additional information about the status of Lastline Appliances.
- New interface for selecting one or more appliances to view.
- Streamlined navigation throughout the Appliance UI.
Improved proxy support
The ability to function in a network whose Internet connectivity is regulated by an HTTP proxy has been extended and improved:
- It is now possible to deploy a Lastline Enterprise appliance behind a transparent proxy with SSL inspection.
- Support for networks with an explicit HTTP proxy and no DNS access has been extended.
High-Availability (HA) support
Starting from version 6.0, it is possible to deploy an additional Manager acting as a Stand-by Manager. In the unlikely event that the primary Manager fails, the Stand-by Manager can be promoted to Active Manager, effectively replacing the failed server.
Dell hardware support improvements
- Dell R320/R420 v2 CPUs (Ivy Bridge) are now officially supported and tested.
- BIOS-mode installation is now supported on Dell R320/R420 with recent firmware.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use on-premise:
- Lastline Manager version 600
- Lastline Engine version 600
- Lastline Sensor version 600
- Lastline All-in-one (pinbox) version 600