Lastline Defender and Analyst Hosted Release Notes

Version 5.6

New features

  • Windows Active Directory Integration
  • SIEM Notifications in LEEF format
  • Improved Appliances UI
  • File analysis improvements
  • Sensor improvements

Windows Active Directory Integration

Lastline Enterprise Sensors can now integrate with Windows Domain Controllers to obtain information on the Windows user accounts logged in to hosts in the protected network. Information on logged-in users can then be displayed in event and incident details.

For information on how to set up active directory integration, see the relevant section of the Portal guide.

SIEM Notifications in LEEF format

When sending notifications to a Security information and event management (SIEM) appliance over the syslog protocol, Lastline Enterprise now supports two message formats:

  • Common Event Format (CEF), used by HP ArcSight
  • Log Event Extended Format (LEEF), used by IBM QRadar

Previous versions of Lastline Enterprise supported only the CEF format. The format is selected in the notification configuration.
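A collector that receives these syslog notifications has to accept whichever format was selected. The parser below is an added example, not Lastline's code: it normalizes a CEF message and a LEEF 1.0/2.0 message into one dictionary. The sample messages, vendor/product strings and extension field names are constructed placeholders, not the product's actual schema.

```python
import re

# Constructed sample notifications for illustration only: vendor, product and
# extension field names are placeholders, not the product's actual schema.
SAMPLE_CEF = ("CEF:0|ExampleVendor|ExampleSensor|5.6|1001|Malicious download|8|"
              "src=10.0.0.5 dst=203.0.113.9 suser=jdoe fname=invoice.exe")
SAMPLE_LEEF = ("LEEF:2.0|ExampleVendor|ExampleSensor|5.6|1001|^|"
               "src=10.0.0.5^dst=203.0.113.9^usrName=jdoe^fname=invoice.exe")

_PIPE = re.compile(r"(?<!\\)\|")  # header separator: a '|' not escaped as '\|'

def _header(msg, nfields):
    """Return (first nfields header values, remaining extension string)."""
    parts = _PIPE.split(msg, maxsplit=nfields)
    if len(parts) != nfields + 1:
        raise ValueError("truncated header: %r" % msg)
    return [p.replace("\\|", "|") for p in parts[:nfields]], parts[nfields]

def parse_cef(msg):
    """CEF: 'CEF:Version|Vendor|Product|DevVersion|SignatureID|Name|Severity|ext';
    ext is space-separated key=value pairs whose values may contain spaces."""
    hdr, ext = _header(msg, 7)
    if not hdr[0].startswith("CEF:"):
        raise ValueError("not a CEF message")
    fields = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", ext))
    return {"format": "CEF", "vendor": hdr[1], "product": hdr[2], "event_id": hdr[4],
            "name": hdr[5], "severity": hdr[6], "fields": fields}

def parse_leef(msg):
    """LEEF 1.0: 'LEEF:1.0|Vendor|Product|Version|EventID|ext', ext tab-delimited.
    LEEF 2.0 inserts a delimiter field before ext: a single character, or 'x'
    plus a hex code (x09 = tab); an empty field means tab."""
    if msg.startswith("LEEF:2.0|"):
        hdr, ext = _header(msg, 6)
        delim = hdr[5] or "\t"
        if len(delim) > 1 and delim[0] == "x":
            delim = chr(int(delim[1:], 16))
    elif msg.startswith("LEEF:1.0|"):
        hdr, ext = _header(msg, 5)
        delim = "\t"
    else:
        raise ValueError("not a LEEF message")
    fields = dict(p.split("=", 1) for p in ext.split(delim) if "=" in p)
    return {"format": "LEEF", "vendor": hdr[1], "product": hdr[2], "event_id": hdr[4],
            "name": None, "severity": None, "fields": fields}

def parse_siem_notification(msg):
    # Dispatch on the format prefix so one collector accepts either setting.
    return parse_cef(msg) if msg.startswith("CEF:") else parse_leef(msg)
```

Note that LEEF carries no event name or severity in its header, so those must be taken from extension fields when the LEEF setting is chosen.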

Improved Appliances UI

The Appliances tab has been redesigned for improved usability and additional features.

  • System metrics are now available for all appliance types, not just sensors
  • Appliance monitoring logs are now available, providing additional information about the status of Lastline Appliances
  • New interface for selecting one or more appliances to view
  • Streamlined navigation throughout the Appliances UI

File analysis improvements

  • UI support for providing a password when submitting encrypted archives for analysis
  • Packer information from PEiD is shown in analysis reports
  • Fixed display of long URLs and Unicode file names in Analysis History
  • The file name of a file submitted for analysis through the UI is now preserved
  • Fixed multiple bugs in the display of file analysis reports

Sensor improvements

  • Improved decryption of email attachments using passwords mentioned in emails

Released sensor version

As part of this release, we are making available Lastline Sensor version 594.2 for Lastline Enterprise Hosted customers. Existing Lastline Sensor installations will be automatically upgraded to this version if automated updates are enabled. There is no new installer ISO for this version: new installations can use the latest Sensor installer ISO lastline-sensor-591-843-e076969.iso and will be automatically upgraded to version 594.2 upon installation.
