Version 5.5
New features
- Custom threat intelligence
- Malware analysis improvements
- Sensor bug fixes
Custom threat intelligence
Customers can now upload custom intelligence to their Lastline Enterprise installations through the Lastline Custom Intelligence API. This allows customers to provide custom blacklists of IPs and domains, as well as Suricata-compatible IDS rules, that will be deployed on their Lastline Sensors.
More information on the Lastline Custom Intelligence API can be found in the relevant chapter of the Lastline API documentation.
Malware analysis improvements
- Improved handling of signed Windows binaries
- Display reputation information about Android APKs
Sensor bug fixes
- Stability improvements in multi-gigabit environments
- Fix for incorrect handling of the X-Forwarded-For HTTP header, which in certain proxy configurations could cause an IP address of 0.0.0.0 to be reported instead of one of the connection endpoints.
Released sensor version
As part of this release, we are making available
Lastline Sensor version 591.4 for Lastline Enterprise Hosted customers.
Existing Lastline Sensor installations will be automatically upgraded
to this version if automated updates are enabled.
There is no new installer ISO for this version: new installations
can use the latest Sensor installer ISO lastline-sensor-591-843-e076969.iso
and will be automatically upgraded to version 591.4 upon installation.