Lastline Defender and Analyst Hosted Release Notes

Version 5.1

New features

  • Revamped notification support
  • User comments on incidents and events
  • Analysis engine improvements
  • Lastline Sensor version 581
  • Minor fixes

Revamped notification support

Lastline Enterprise can be configured to react to the detection of malware in the protected network in three ways:

  • Sending an email notification
  • Sending a CEF message to a Security Information and Event Management (SIEM) system
  • Sending reputation information for network hosts to an HP Tipping Point SMS server

These three backends have been unified into a single notification architecture that brings several advantages to Lastline Enterprise users:

  • Uniform configuration
  • More configuration options for selecting what type of detections should lead to a notification being sent out and how these notifications should be rate-limited
  • The push-based implementation means that email notifications are sent in a more timely manner
  • Mail notifications can now also be sent when a malicious mail attachment has been detected
  • Mail notifications now include additional information on the detection

User comments on incidents and events

New functionality has been added to our incident and event details views that allows users to comment on individual detections on the network. This can be helpful for coordinating the investigation of and response to an incident. Users of Lastline Enterprise Hosted can also use this feature to provide feedback to Lastline about the accuracy of our detection.

Analysis engine improvements

  • Android analysis: engine extension for extracting additional information from fake banking applications (APKs)
  • Windows PE analysis: support extraction of full-process dumps in IDA-Pro compatible format

Lastline Sensor version 581

As part of this release, we are making available Lastline Sensor version 581, with the following additional features:

  • Improved support for HTTP proxies. The X-Forwarded-For request header is now handled in all cases for alerting about clients behind an HTTP proxy. This functionality can be enabled with the sensor configuration option "Monitor HTTP Requests From an HTTP Proxy"
  • Support for capturing files downloaded or uploaded over FTP
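To illustrate what attributing an alert to a client behind an HTTP proxy involves, here is an added example (not Lastline's code; the sensor's internals are not described on this page). It assumes the sensor knows the TCP peer address and request headers, and it honours X-Forwarded-For only when the peer is a configured proxy, since any client can forge that header; the request data and proxy addresses below are constructed.

```python
import ipaddress

# Constructed sample: requests as seen by a network sensor, each with the
# TCP peer address and the request headers (hypothetical data, not real traffic).
SAMPLE_REQUESTS = [
    # Client 10.0.0.5 reaches the web through proxy 10.0.0.1, which appends XFF.
    {"peer": "10.0.0.1", "headers": {"X-Forwarded-For": "10.0.0.5"}},
    # Two proxy hops: the original client is listed first, then the inner proxy.
    {"peer": "10.0.0.1", "headers": {"X-Forwarded-For": "192.168.4.20, 10.0.0.2"}},
    # Direct client that forged an XFF header; the peer is not a proxy, so ignore it.
    {"peer": "10.0.0.9", "headers": {"X-Forwarded-For": "1.2.3.4"}},
    # A proxy that sent a malformed value: fall back to the proxy address itself.
    {"peer": "10.0.0.1", "headers": {"X-Forwarded-For": "not-an-ip"}},
    # No header at all: the peer is the client.
    {"peer": "10.0.0.7", "headers": {}},
]

# Assumed list of proxies whose X-Forwarded-For headers may be trusted.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.1"), ipaddress.ip_address("10.0.0.2")}


def alert_client(peer, headers, trusted_proxies=TRUSTED_PROXIES):
    """Return the address an alert for this request should be attributed to.

    X-Forwarded-For is only honoured when the TCP peer is a known proxy.
    The list is walked from the right, skipping addresses that are themselves
    trusted proxies; the first remaining address is the original client.
    """
    peer_ip = ipaddress.ip_address(peer)
    if peer_ip not in trusted_proxies:
        return str(peer_ip)
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: attribution is unreliable, report the proxy.
            return str(peer_ip)
        if addr not in trusted_proxies:
            return str(addr)
    # Header missing or listing only proxies: nothing better than the peer.
    return str(peer_ip)


def attribute_all(requests=SAMPLE_REQUESTS):
    """Attribute every sample request; returns the client address per request."""
    return [alert_client(r["peer"], r["headers"]) for r in requests]
```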

Minor fixes

  • Bugfix in file analysis reports: the malicious activity section and the memory dumps section could, in certain circumstances, display incomplete or incorrect information
  • Functionality to rename sensors is once again available in the Lastline Portal
  • Non-administrator users can no longer see other users' analysis history
  • Fix for a bug in the mail page that could lead to an inconsistency between the number of analyzed attachments shown in the mail attachments graph and in the mail attachments list