Lastline Enterprise On-Premises Release Notes

New features

• Improved appliance metrics views
• Display child tasks in analysis reports
• Display signature matches against 3rd party rules
• Audit log extensions
• Email analysis bugfixes and improvements
• Sensor support for the Intel x710 network adapter family

Improved appliance metrics views

The appliance metrics views have been improved to better support deployments with a large number of appliances.

For such deployments, the legend listing all of the appliances could end up occupying most of the available space for each graph.

In this version, the legend has been moved outside of individual graphs and into a dedicated "Appliances" widget, so it is not repeated in each graph on the page and so that the actual graphs can use all of the available space to display appliance data.

Display child tasks in analysis reports

Lastline's analysis of a file or URL may, under a growing list of circumstances, trigger additional analysis tasks on URLs or files generated by the initial analysis run. As an example, the analysis of a URL may trigger the analysis of a linked file. Conversely, the analysis of a file may trigger the analysis of a URL that was found in that file.

The Lastline portal now displays all such child tasks of an analysis report in a new "Additional artifacts" table displayed in the report overview page.

Display signature matches against 3rd party rules

When displaying a traffic capture (pcap) for a network event in the Lastline portal, we now also display additional "open intel" information about the results of matching freely available, 3rd party IDS signatures against the traffic capture.

Currently, we are matching two third-party rulesets against these traffic captures:

• The Emerging Threats "open" ruleset
• The Snort community ruleset

This additional intelligence can provide customers with some context and additional validation for events detected by Lastline. Note that Lastline does not use these rulesets for detection.

Audit log extensions

With this release, additional information will be included in the audit log which is available in the Lastline portal, API, and in audit log notifications.

• Include logout events.
• Include failed login attempts that use a valid user account
• Successful login events were already included in audit log, but are now also included in audit log notifications.
• Include changes to integration configurations. This includes notifications (Syslog, email, generic HTTP, streaming, Checkpoint and Tipping Point), Active Directory integration and Tanium integration.

Email analysis bugfixes and improvements

• Fix an issue that could lead to too short wait time between email delivery attempts in inline mode.
• Fix an issue that could lead email processing to stop during Sensor upgrade or reconfiguration.
• Improved handling of deeply nested MIME parts in emails.
• Improved handling of nexthop DNS resolution failures when delivering emails in inline mode.

Sensor support for the Intel x710 network adapter family

The Sensor appliance now supports accelerated packet capture via these network adapters.

Bug fixes and improvements

• Improved design of portal sidebar. It is now collapsible to make more efficient use of screen space.

• In portal, renamed "internal host" to just "host", to reflect the fact that in some cases displayed host may not be within the protected network.

• Sensor appliances now report errors more promptly. Previously, it could take up to 10 minutes for an error state detected on the appliance to be reflected in the appliance's status as show in the Lastline UI.

• Fix an issue linking analysis metadata for download in the analysis report.

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On Premise:

• Lastline Manager version 715
• Lastline Engine version 715
• Lastline Sensor version 714.1
• Lastline All-in-one (pinbox) version 715.1