Lastline Defender and Analyst Hosted Release Notes

Version 7.2

New features

  • Sensor improvements
  • Improved document structure analysis
  • Improved traffic capture display
  • Resizable table columns in portal
  • Various analysis report bug fixes
  • Sensor registration wizard improvements

Sensor improvements

  • The IDS component has been improved considerably, including support for more powerful signatures (compatible with Suricata 2.0), improved detection and parsing of app-layer protocols, and more resilient parsing of TCP streams.

  • The Sensor now also extracts and examines Microsoft Cabinet archives as well as Apple PKG files.

  • Packet capture with supported 10Gbps NICs now features more robust auto-configuration and improved performance.

  • The Sensor now correctly reports absolute URIs in proxied HTTP requests.

  • Various robustness and performance improvements in the Sensor-side handling of extracted files, including improved coverage of archive contents.

Improved document structure analysis

The analysis of document files was improved to better extract embedded document content, for example from Microsoft Office macros.

Improved traffic capture display

Display of the traffic captured as part of a network event has been improved:

  • Show multiple HTTP Request/Response pairs in HTTP protocol view

  • Permalink to display of individual traffic capture

Resizable table columns in portal

Tables throughout the Lastline Portal have been improved to support drag-and-drop resizing of table columns.

Sensor registration wizard improvements

The wizard offered by the lastline_register command has been improved by:

  • making user messages and user prompts clearer
  • making error messages more descriptive
  • reducing the required user input for the standard cases
  • preventing the selection of expired licenses during registration

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

  • Lastline Sensor version 701

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
