Lastline Enterprise On-Premises Release Notes

Version 7.13

New features

  • Custom dashboard configurations
  • Event generation for firewall-based blocking in inline Sensor
  • Improved protection against attacks in HTA or SVG file types
  • Email analysis improvements
  • Database data retention configuration

Custom dashboard configurations

The Lastline Enterprise Portal's dashboard page now supports customizing dashboards with drag and drop. In addition to choosing between the four built-in dashboard configurations introduced with On-Premises release 7.12, customers can now create new dashboards from a custom selection of UI "gadgets", so that each dashboard shows the desired information at a glance.

  • Create a custom dashboard by copying an existing dashboard, then customize it to your needs by adding, removing or moving around the gadgets it displays, using an intuitive drag and drop interface.

  • Alternatively, start from a new empty dashboard and add selected gadgets.

  • Search for gadgets to add by category to quickly identify gadgets of interest.

  • A total of 37 gadgets are available, including most of those used in the current built-in dashboards as well as additional ones.

  • Save, edit, update and delete dashboard configurations.

  • Mark a dashboard configuration as private to your account, or as public to share it with other users (within a customer's organization).

Event generation for firewall-based blocking in inline Sensor

Sensors configured in inline mode with iptables-based blocking enabled now generate events for subsequent connections blocked by the firewall, causing the connections counter on the corresponding event in the web UI to increase.

Improved protection against attacks in HTA or SVG file types

The analysis framework now offers better support for finding attacks delivered via HTA applications or Scalable Vector Graphics (SVG) files.

Email analysis improvements

  • Disable RC4, SSLv3, and TLSv1 in the server component of the MTA mode for email analysis.
  • In email inline analysis mode (MTA), make sure the Sensor appliance status shows a warning if a connection cannot be established to any of the nexthop servers.
  • In email inline analysis mode (MTA), add ability to disable editing the subject and/or the body of an email even in case of malicious content.
  • Improve robustness to malformed values in destination email address extraction in SMTP sniffing mode.

Database data retention configuration

Customers can now configure data retention settings for the database on a Lastline Manager or Pinbox appliance.

  • These configuration options can be viewed and modified in the Appliance tab of the portal, under Appliance -> Config -> Configuration.
  • Different data retention settings can be selected for different types of data in the database.
  • For each type of data, data retention can be set to keep 2 to 22 months of data, or be completely disabled.

Please note that these settings only control data retention for data within the relational database. Configuration of data retention settings of analysis-related data stored on the file system does not change with this release, and can be accessed through the lastline_setup command line utility.

Bug fixes and improvements

  • Support unicode strings for file names and mount points in SMB file downloads.

  • Fix bug that caused the "Show host as" menu in "Display Settings" to have no effect.

  • Fix graph rendering issue for Internet Explorer 11.

  • Fix bug in PAPI that could prevent granting the "can_access_analyzed_files" and "can_access_sensitive_analyzed_files" permissions.

  • Increase Sensor-side robustness to misplaced whitespace in customer-provided IDS rule range variables.

  • Fix bug in inline Sensors with multiple inline interface pairs that prevented blocking from correctly applying on the relevant interface pair.

  • Support address ranges as well as CIDR prefixes in custom IP address whitelisting installed on a Sensor.

  • Improved display of result statistics in search results in the intelligence tab.

  • Fix bugs in file downloads tab of the Lastline Portal. Filtering on "File Type" was not working correctly.

  • Allow specifying multiple NTP servers in appliance configuration.

  • Added missing "event_detail_link" field to mail events in streaming notification API.

  • The outcome of backup operations is now also visible in the appliance monitoring logs UI in the Appliances tab, under Appliances -> Logs -> Monitoring Logs.

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:

  • Lastline Manager version 717
  • Lastline Engine version 717
  • Lastline Sensor version 717.2
  • Lastline All-in-one (pinbox) version 717

Deprecation of appliance versions

Because of the change to the communication protocol between sensor and backend,

  • sensor versions before 717 are being deprecated with this release. These deprecated sensor versions will, however, remain supported at least until On-Premises release 7.15.

  • sensor versions before 716 have been deprecated since the Enterprise On-Premises 7.12 release. These deprecated sensor versions will remain supported at least until On-Premises release 7.14.
