Lastline Enterprise On-Premises Release Notes

Version 7.5.1

New features

  • Provide information on blocked email content in API, UI and notifications
  • Bug fixes and improvements

Provide information on blocked email content in API, UI and notifications

When deployed in inline MTA mode, Lastline Sensors can be configured to block malicious email content, or to insert warnings about the content into such emails. With this version, we are making information on which action was taken on each mail, attachment and URL available in the API, the UI and notifications. Specifically:

  • The Lastline API methods for accessing mail detection information have been extended to return additional fields "mail_action" and "message_action". Furthermore, they now provide a "blocked" filter. Refer to the updated API documentation for details.

  • The Lastline Portal's mail tab has been extended to display the above information and to support the "blocked" filter, for example to view all malicious attachments that have or have not been blocked by Lastline.

  • Notifications sent out about malicious mail attachments or URLs over email, syslog, HTTP POST and streaming API have been extended to include this new information. For this, the notification format version is updated to 7.6. In syslog CEF and LEEF formats, the "act" field is now used to convey which action was taken on the mail. For details, refer to the updated integration guides for syslog, HTTP POST and Streaming API integrations.
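
For consumers of the syslog notifications, the following sketch (an added example, not Lastline code) parses CEF events and lists detections whose "act" field is absent or is not a blocking action. The sample events, the header values and the "act" values BLOCKED and LOGGED are constructed placeholders; take the real values from the syslog integration guide.

```python
import re

# Constructed sample events. Vendor, product, signature IDs and the "act"
# values are placeholders, not values taken from the Lastline guides.
SAMPLE_EVENTS = [
    r"CEF:0|ExampleVendor|ExampleSensor|1.0|mail-attachment|Malicious attachment|9|"
    r"act=BLOCKED fname=invoice.doc msg=Macro dropper, score\=95",
    r"<13>Jan 01 00:00:00 sensor CEF:0|ExampleVendor|ExampleSensor|1.0|mail-url|"
    r"Malicious URL|8|act=LOGGED request=http://example.test/a?b\=1 suser=a@example.test",
    r"CEF:0|ExampleVendor|ExampleSensor|1.0|mail-attachment|Malicious attachment|9|"
    r"fname=old.doc",
]

# Assumption: the set of "act" values that mean the content was stopped.
ASSUMED_BLOCKING_ACTIONS = {"BLOCKED"}

HEADER_SPLIT = re.compile(r"(?<!\\)\|")        # pipe not preceded by a backslash
EXT_KEY = re.compile(r"(?:^|(?<=\s))(\w+)=")   # key= at start or after whitespace


def parse_cef(line):
    """Split a CEF event into its 7 header fields and a dict of extension keys."""
    start = line.find("CEF:")                  # skip any syslog prefix
    if start < 0:
        raise ValueError("not a CEF event")
    parts = HEADER_SPLIT.split(line[start:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("truncated CEF header")
    ext, fields = parts[7], {}
    keys = list(EXT_KEY.finditer(ext))
    for i, m in enumerate(keys):
        # A value runs up to the next key=, so it may contain spaces.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = re.sub(r"\\([=\\|])", r"\1", ext[m.end():end].strip())
    return parts[:7], fields


def unblocked_detections(lines):
    """Return (fields, reason) for events that were not reported as blocked."""
    findings = []
    for line in lines:
        _, fields = parse_cef(line)
        action = fields.get("act")
        if action is None:
            findings.append((fields, "no act field"))
        elif action.upper() not in ASSUMED_BLOCKING_ACTIONS:
            findings.append((fields, f"action was {action}"))
    return findings
```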

Bug fixes and improvements

  • Improved document macro analysis
  • Allow upload of large files via the analysis web-portal
  • Allow upload of Mac OS X files inside DMG and PKG containers via cloud-analysis component (if enabled)
  • Fix bug in mail detection processing pipeline that could result in error state "Message processing not running"

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use on-premises:

  • Lastline All-in-one (pinbox) version 708
  • Lastline Manager version 708
  • Lastline Engine version 708
  • Lastline Sensor version 707.3

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.
