Lastline Enterprise On-Premises Release Notes

Version 7.1

New features

  • Sensor improvements
  • Portal feedback support
  • Improved console workflow
  • Improved document structure analysis
  • Various analysis report bug fixes
  • Appliance registration wizard improvements

Sensor improvements

  • The IDS component has been improved considerably, including support for more powerful signatures (compatible with Suricata 2.0), improved detection and parsing of app-layer protocols, and more resilient parsing of TCP streams.

  • The Sensor now also extracts and examines Microsoft Cabinet archives as well as Apple PKG files.

  • Packet capture with supported 10Gbps NICs now features more robust auto-configuration and improved performance.

  • Various robustness and performance improvements in the Sensor-side handling of extracted files, including improved coverage of archive contents.

Portal feedback support

You can now provide feedback to Lastline directly through the Lastline Portal, by clicking on the "Feedback" link in the top bar of the Lastline Portal. You can use this form to send us feedback about the Portal or about any other aspect of Lastline products and services.

Improved console workflow

The workflow for the console tab of the Lastline Portal has been improved, with a new view showing activity for a host in the protected network in a single page. This includes:

  • Incidents
  • Network events
  • Files downloaded
  • Network traffic captures

All of this information was already available in the Lastline Portal, but this new view puts it all in one place so it can be reached with fewer clicks. We will be expanding this view with even more information in upcoming releases.

Improved document structure analysis

The analysis of document files was improved to better extract embedded document content, for example from Microsoft Office macros.

Appliance registration wizard improvements

The wizard offered by the lastline_register command has been improved by:

  • making user messages and user prompts clearer
  • making error messages more descriptive
  • reducing the required user input for the standard cases
  • preventing the selection of expired licenses during registration

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:

  • Lastline Manager version 701
  • Lastline Engine version 701
  • Lastline Sensor version 701
  • Lastline All-in-one (pinbox) version 701

Deprecation of API methods

The following API methods of the legacy API (/ll_api/ll_api) are being deprecated in this version:

  • get_keys
  • query_mail_attachments
  • query_attached_files
  • query_mail_attachment_stats

Furthermore, the following deprecated methods of the legacy API are being removed in this version:

  • query_network_status

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
