Lastline Defender and Analyst Hosted Release Notes

Version 6.7

New features

  • Email analysis improvements
  • IDS improvements
  • Expose Indicators of Compromise (IOC)
  • Improved display of traffic capture for network events

Email analysis improvements

  • In-line mode: ability to configure a separate next-hop for email bounces.
  • In-line mode: increased robustness in case the next-hop server closes the connection during email delivery.

IDS improvements

  • Expanded file support: the Sensor now extracts Mach-O and Microsoft .cab archives from network traffic for processing.
  • Stability enhancements in the FTP analyzer.

Expose Indicators of Compromise (IOC)

The analysis platform now supports extracting Indicators of Compromise (IOCs) from analysis runs in the Lastline sandbox. This allows the integration of host-based tools supporting IOCs in STIX format, and to verify network events on a potentially compromised machine.

Improved display of traffic capture for network events

Display of captured traffic has been improved. Contacted URLs are now displayed in the table listing captured flows. Furthermore, it is possible to filter the table to search for flows that involved a selected URL. This makes it more convenient to explore traffic captures for events that involve many network flows.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances:

  • Lastline Sensor version 609

Deprecation of API methods

The following API methods of the legacy API (/ll_api/ll_api) are being deprecated in this version:

  • query_pcaps
  • get_pcaps

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
