Version 7.6
New features
- New account permissions UI and APIs
- Faster take-over between managers in high availability configuration
- Support for MPLS-encapsulated traffic
- Preserve time range selection across views
- Support for filtering in appliance monitoring logs UI
- Additional appliance metrics for system load
- Extraction of links from PDF artifacts
- Email analysis improvements
- Provide hostname information for internal hosts for all network events
- Bug fixes and improvements
New account permissions UI and APIs
The interface for managing permissions of accounts on the Lastline portal has been completely redesigned. Management of permissions in the portal is accessed by selecting the "edit" option on an account in the accounts management page.
The new interface provides more information on what permissions do and should make it easier for administrators to manage user permissions.
This release also introduces two new permissions that provide finer-grained control of appliance-related functionality.
- can view appliances: Ability to view information about appliances
- can manage appliances: Ability to perform all actions needed to manage an appliance
Faster take-over between managers in high availability configuration
In a high availability configuration, Lastline customers deploy an active Manager appliance as well as a standby Manager appliance that acts as a hot standby. This release speeds up the take-over operation that occurs when the standby Manager transitions to an active role. This reduces the potential downtime in case of failure of the active Manager.
Support for MPLS-encapsulated traffic
The Sensor now supports processing of MPLS-encapsulated traffic, in addition to the existing VLAN encapsulation support. Only one of the two encapsulation technologies can be active at any given time. Regardless of which encapsulation type is active, the Sensor processes unencapsulated IP traffic at all times.
Preserve time range selection across views
The portal has been improved to preserve time range selection across views. This means that the relative or absolute time range selected when viewing one page will be preserved when navigating throughout the portal.
Support for filtering in appliance monitoring logs UI
The appliance monitoring logs page has been improved by adding support for filtering the displayed logs. Monitoring logs can be filtered based on:
- Their impact level: Ok, warning or error
- The log identifier
- The component they refer to
- The appliance type
- The content of the log message itself
Additional appliance metrics for system load
This release adds a new metrics page that displays metrics about system load, and in particular IO load metrics such as IO utilization and disk read and write speeds. The new load metrics page is accessible under the metrics dropdown of the Appliances tab.
Extraction of links from PDF artifacts
Links included in PDF artifacts submitted for analysis are now extracted, included in the generated analysis report, and displayed in the analysis report UI. Please refer to the Analyst API documentation for more details.
Email analysis improvements
- Improve performance and robustness of email parsing
- Support saving the email trace log in JSON format on the Sensor disk
- Support logging all attachments and URLs in the Sensor logs
- Support configuration of hostname used in SMTP communication
Provide hostname information for internal hosts for all network events
If a Lastline Sensor is configured to "Resolve internal hostnames", it performs reverse DNS lookups to obtain host names for internal hosts. With this release, this functionality has been improved to make sure this information is available across all classes of network events.
Furthermore, we now also display source hostname information in the file downloads tab, and in proxy scenarios we now display the HTTP server hostname correctly for IDS events, regardless of the directionality of the threat.
Bug fixes and improvements
- When the IDS component on the Sensor fails to parse a customer-provided rule, the web UI now indicates the exact reason in the monitoring logs
- Robustness improvements when logging URLs and processing signature hits on the Sensor
- Better support for accelerated packet capture on machines with a lot of memory
- ICAP functionality fixes and monitoring improvements
- Changes to account permissions are now included in the audit log
Deprecation of API methods
The following deprecated methods of the legacy API are being removed in this version:
- set_account_permission
- query_account_permissions
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On Premise:
- Lastline Manager version 709
- Lastline Engine version 709
- Lastline Sensor version 708
- Lastline All-in-one (pinbox) version 709