SENT-2477: Improved detection of threats leveraging .lnk files as propagation vector.
FEAT-4476: Improved detection of malicious MS Office documents which use EvilClippy technique to bypass detection by stomping VBA code.
Bug Fixes and Improvements
SENT-2511: Fix to a bug that would cause the file processing pipeline to slow down under extreme load.
SENT-2497: Fix to a bug that would cause the file processing pipeline to get stuck when in sniffing mode under certain circumstances.
CC-2588: An issue was fixed causing the upgrade to fail due to a specific package that may be installed.
Deprecation of API Methods
No additional API methods are being deprecated or discontinued …
Version 8.4
Image Download Time
The overall size of our sandbox images has increased, impacting the time it may take to download these images during the install or upgrade compared to time it took in our most recent 8.3.4 release. The install and upgrade time can be reduced by pre-loading the Lastline sandbox images before you upgrade or install. Instructions on how to pre-load sandbox images can be found here.
Additionally, to mitigate this risk upon installation, we strongly suggest that you enable downloading from a CDN, which is documented in the Lastline Manager Installation Guide. For customers upgrading from a previous version who are …
Version 8.3.4
Bug Fixes and Improvements
CC-2565: A bug has been fixed where an appliance running on the Trusty distribution operating system would show the option to upgrade to a version which only supports the Xenial distribution operating system.
Deprecation of API methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:
TRES-647: Improved prefilter detection for documents with XL4 macro code.
Deprecation of API methods
No additional API methods are being deprecated or discontinued in this release.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises:
Lastline Manager version 1056
Lastline Engine version 1056
Lastline Sensor version 1056
Lastline All-in-one (Pinbox) version 1056
Released sandbox images versions
The sandbox images version remains at 2019-04-18-01.
The appliance configuration now allows marking analysis results for deletion after a configurable amount of time. This means that detailed analysis results, such as the sandbox report (or any metadata files, such as screenshots of network traffic captures), will no longer be available for download after that period, which limits the space used by these results on large installations.
This new feature was tracked internally as FEAT-2331.
Bug Fixes and Improvements
PLTF-730: Fixed an issue where the tool managing the VIP on a manager appliance was not able to detect the right interface to add the VIP to.
TRES-438: Improved static detection of obfuscated Microsoft Office documents.
TRES-301: Improved detection of evasive Microsoft Office documents which use country-specific checks to bypass analysis systems.
Bug Fixes and Improvements
LLAM-4626: Fixed an issue where the llurl-framework service was reported as running but the Python process for the service was not running.
ENG-3005: Ensure resuming appliance upgrade correctly tags all docker images for use.
CC-2519: Fixed an issue when running lastline-distribution-upgrade for appliances that were installed on Precise where enum34 fails to upgrade properly.
ATAT-177: We have decreased the space required in /boot to run lastline_distribution_upgrade to 140MB.
ATAT-175: Fixed the issue with an incorrect GCC version incompatible with …
Version 8.3
New Features
Move analysis on mac-OS/Apple hardware from beta into GA
Extract URLs from executed scripts during sandbox analysis
Scan every stage of executed PowerShell script with YARA rules
Extract stages of PowerShell script execution
New portal sitemap and navigation structure
Display new intrusion impact score
Support analysis of URLs that are rewritten by third party products in mail
New dynamic analysis framework for web attacks
Sniffing support for GRE encapsulation
Add new permissions for viewing and managing custom intelligence
Configure data-retention for analysis results
Support ICAP Blocking on sniffing events
MOVE ANALYSIS ON MAC-OS/APPLE HARDWARE FROM BETA INTO GA
The Lastline Manager now supports the deep dynamic analysis of applications on macOS. …
Version 8.2
New Features
Widget to display new network detections in dashboard
Support for filtering by intrusion/not in an intrusion in hosts and incidents listing
Ability to permanently delete decommissioned appliances from overview in UI
Support ICAPS
Improve filtering of URLs using threat intelligence cache
WIDGET TO DISPLAY NEW NETWORK DETECTIONS IN DASHBOARD
The Lastline Portal dashboards now support a new widget for displaying the top new detections in your network. This can help you spot new threats in your network that may need to be prioritized for further investigation. These threats might otherwise have been hidden among other, less interesting detections.
This widget will display the top detections by …
Version 8.1
New features
Show Message-ID header in email details
Expose intrusions to all enterprise customers
Life-cycle support for intrusions
Add timeline view to intrusion details to display timeline of infections on hosts involved in the intrusion
Logging improvements to sensor-generated email logs
Intrusion correlation rule linking malicious attachments to network detection
Notifications for intrusions
Promote unusual INFO events to detection events
Intrusion correlation rule for detecting lateral movement
Disable SHA-1 for SSH daemon appliances
Mail API for 3rd Party Integration
Use the local threat intelligence cache to rate-limit data to upload
Support for changing FQDN of an installed appliance
Configuring pop3/imap polling interval via web UI
Support exporting of historical data in Excel-friendly format
PLTF-328: Fixed bug that caused certain new features of the new release to be disabled by default. This issue affected features tracked internally as FEAT-2204, FEAT-2470 and FEAT-2606.
Deprecation of API methods
All methods of the legacy API (/ll_api/ll_api) have been deprecated.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise On-Premises: