Lastline Enterprise On-Premises Release Notes

Version 6.2

New features

  • Additional information in SIEM syslog notifications
  • Additional information in email notifications

Additional information in SIEM syslog notifications

Our SIEM syslog notifications have been extended with additional information.

Custom intelligence information:

  • Custom rule message is sent out in the CEF/LEEF "msg" field
  • Custom blacklist entry comment is sent out in the CEF/LEEF "msg" field
  • Custom intel source is sent out in the CEF/LEEF "reason" field
  • Custom rule identifier is sent out in the CEF/LEEF "detectionId" field

Active Directory information:

  • Information on the user logged in at the time of the alert is included in the CEF "suser" field and in the LEEF "usrName" field, if this information is available from the Windows Active Directory integration

File information:

  • For alerts that refer to a file, a link to the analysis report for the file is included in the CEF/LEEF FileDetailLink field
  • For HTTP file downloads, the HTTP host field is included in the CEF/LEEF dhost field

Missing fields in LEEF format

  • Our LEEF notifications have been extended to include a few additional fields that were previously present only in CEF format.
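
A SIEM-side parser for the fields listed above, added here as an example and not Lastline's own code. The two sample lines are constructed: the header values, rule identifiers, user name, host and report URL are placeholders, while the extension field names (msg, reason, detectionId, suser, usrName, FileDetailLink, dhost) are the ones these notes name. The parser handles CEF escaping and LEEF 1.0/2.0 attribute delimiters, then maps both formats onto one schema, treating the logged-in user as optional because the notes say it is only present when the Active Directory integration has it.

```python
import re

# Constructed sample notifications for this example; vendor, product, user,
# host and URL values are placeholders, not Lastline's own output.
SAMPLE_CEF = (
    "CEF:0|ExampleVendor|ExampleProduct|1.0|100|Custom rule match|8|"
    "msg=Custom rule: suspicious beaconing reason=custom_intel "
    "detectionId=rule-42 suser=jdoe dhost=files.example.test "
    "FileDetailLink=https://manager.example.test/report/PLACEHOLDER"
)
SAMPLE_LEEF = (
    "LEEF:1.0|ExampleVendor|ExampleProduct|1.0|100|"
    "msg=Custom blacklist hit: analyst comment\treason=custom_intel\t"
    "detectionId=bl-7\tusrName=jdoe\tdhost=files.example.test\t"
    "FileDetailLink=https://manager.example.test/report/PLACEHOLDER"
)

_UNESCAPED_PIPE = re.compile(r"(?<!\\)\|")
# key=value pairs; values may contain spaces and backslash-escaped characters,
# so a value ends only where the next "key=" token or the end of line begins.
_CEF_KV = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")


def _cef_unescape(value):
    # CEF escapes '=', '|' and '\' with a backslash; \n and \r encode line breaks.
    return re.sub(r"\\(.)",
                  lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)),
                  value)


def parse_cef(line):
    """Parse a CEF line into header fields plus an extension dict."""
    parts = _UNESCAPED_PIPE.split(line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF line")
    ext = {k: _cef_unescape(v) for k, v in _CEF_KV.findall(parts[7])}
    return {"format": "CEF", "vendor": parts[1], "product": parts[2],
            "signature_id": parts[4], "name": parts[5],
            "severity": parts[6], "ext": ext}


def parse_leef(line):
    """Parse a LEEF 1.0 or 2.0 line; attributes are split on the declared delimiter."""
    line = line.strip()
    if not line.startswith("LEEF:"):
        raise ValueError("not a LEEF line")
    version = line[5:].split("|", 1)[0]
    nfields = 7 if version.startswith("2") else 6   # LEEF 2.0 adds a delimiter field
    parts = _UNESCAPED_PIPE.split(line, maxsplit=nfields - 1)
    if len(parts) != nfields:
        raise ValueError("malformed LEEF header")
    delim = "\t"                                     # LEEF 1.0 always uses a tab
    if nfields == 7 and parts[5]:
        d = parts[5]                                 # either "x09"-style hex or a literal char
        delim = chr(int(d[1:], 16)) if re.fullmatch(r"x[0-9A-Fa-f]{2}", d) else d
    attrs = {}
    for item in parts[-1].split(delim):
        if "=" in item:
            k, v = item.split("=", 1)
            attrs[k] = v
    return {"format": "LEEF", "vendor": parts[1], "product": parts[2],
            "event_id": parts[4], "ext": attrs}


def parse_notification(line):
    return parse_cef(line) if line.lstrip().startswith("CEF:") else parse_leef(line)


def normalize(event):
    """Map the fields described in the release notes onto one schema for either format."""
    ext = event["ext"]
    return {
        "custom_intel_message": ext.get("msg"),            # rule message or blacklist comment
        "custom_intel_source": ext.get("reason"),
        "custom_rule_id": ext.get("detectionId"),
        "ad_user": ext.get("suser") or ext.get("usrName"),  # None when AD has no user for the alert
        "file_report_link": ext.get("FileDetailLink"),
        "http_host": ext.get("dhost"),
    }


if __name__ == "__main__":
    for sample in (SAMPLE_CEF, SAMPLE_LEEF):
        print(normalize(parse_notification(sample)))
```

Because the user field is only present when the Active Directory integration has it, the normalizer yields None for that key rather than failing, so downstream correlation rules can branch on its absence.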

Additional information in email notifications

Our email notifications have been extended with additional information.

As with our SIEM notifications, they now include custom intelligence information, Active Directory information, and additional information on file alerts.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for on-premises use:

  • Lastline Manager version 605
  • Lastline All-in-one (pinbox) version 605

The following appliances remain at the previously released versions:

  • Lastline Sensor version 603
  • Lastline Engine version 604