Lastline Defender and Analyst Hosted Release Notes

Version 7.5

New features

  • Interface-specific packet filters on Sensors
  • Bug fixes and improvements

Interface-specific packet filters on Sensors

In scenarios where the surrounding network configuration makes it difficult to avoid sniffing redundant or conflicting traffic flows, the appliance now supports a customizable packet filter for each sniffing interface. One example is an SSL-stripping (decrypting) device in the path, where the Sensor sees the encrypted SSL stream on one interface and a decrypted copy of the same flow tuple on another; a per-interface filter lets the Sensor drop one copy without losing the other.

This feature is not exposed in the UI; it must be configured by a Lastline engineer.
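The following is an added example, not Lastline's code and not the Sensor's actual filter syntax (which this page does not document). It models the scenario above with a tiny BPF-like expression subset (`any`, `<proto> port <n>`, `not <proto> port <n>`), constructed packet records, and the assumed interface names eth1 (encrypted side) and eth2 (decrypted side). It shows why a single global filter cannot resolve the conflict: both copies share the same 5-tuple, including port 443, so a global `not tcp port 443` discards both, whereas applying that filter to eth1 only keeps exactly the decrypted copy.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal packet record (constructed for this example)."""
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def tuple5(self):
        # Flow tuple as a flow engine would key on it; the interface is deliberately
        # not part of it, which is exactly why two copies collide.
        return (self.proto, self.src, self.sport, self.dst, self.dport)


def compile_filter(expr):
    """Compile a tiny subset of BPF syntax into a keep/drop predicate.

    Supported forms (assumed mini-syntax, not Lastline's): 'any',
    '<proto> port <n>', 'not <proto> port <n>'.
    """
    tokens = expr.split()
    if tokens == ["any"]:
        return lambda p: True
    negate = bool(tokens) and tokens[0] == "not"
    if negate:
        tokens = tokens[1:]
    if len(tokens) != 3 or tokens[1] != "port":
        raise ValueError(f"unsupported filter: {expr!r}")
    proto, port = tokens[0], int(tokens[2])

    def keep(p):
        hit = p.proto == proto and port in (p.sport, p.dport)
        return not hit if negate else hit

    return keep


def apply_filters(packets, filters):
    """Apply one filter expression per interface; unlisted interfaces keep everything."""
    preds = {iface: compile_filter(e) for iface, e in filters.items()}
    return [p for p in packets if preds.get(p.iface, lambda _: True)(p)]


def conflicting_flows(packets):
    """Return flow tuples that were observed on more than one interface."""
    seen = defaultdict(set)
    for p in packets:
        seen[p.tuple5()].add(p.iface)
    return {t: ifaces for t, ifaces in seen.items() if len(ifaces) > 1}


# Constructed sample: the same TLS flow seen encrypted on eth1 and decrypted on eth2,
# plus two unrelated flows that must survive filtering.
SAMPLE = [
    Packet("eth1", "tcp", "10.0.0.5", 51000, "203.0.113.7", 443),   # encrypted side
    Packet("eth2", "tcp", "10.0.0.5", 51000, "203.0.113.7", 443),   # decrypted copy
    Packet("eth1", "tcp", "10.0.0.9", 52000, "203.0.113.8", 80),
    Packet("eth2", "udp", "10.0.0.9", 40000, "203.0.113.53", 53),
]

# A global filter applied identically on every interface drops both copies.
GLOBAL_FILTER = {"eth1": "not tcp port 443", "eth2": "not tcp port 443"}
# A per-interface filter drops only the encrypted copy on eth1.
PER_IFACE_FILTER = {"eth1": "not tcp port 443", "eth2": "any"}


if __name__ == "__main__":
    print("conflicts before filtering:", conflicting_flows(SAMPLE))
    print("global filter keeps:", apply_filters(SAMPLE, GLOBAL_FILTER))
    print("per-interface filter keeps:", apply_filters(SAMPLE, PER_IFACE_FILTER))
```

On a real Sensor the equivalent check is to confirm with a capture tool on each sniffing interface that the flow you expect to keep still arrives after the filter is in place, and that it arrives on exactly one interface.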

Bug fixes and improvements

  • Significantly faster and more accurate artifact prefiltering and processing on the Sensor
  • More reliable operation of Sensors deployed behind proxies
  • Much improved coverage of pcaps for alerted traffic flows
  • Auto-detection of additional Intel X520 variants for enhanced packet capture
  • Updated IDS codebase to Suricata 2.0.9 and libhtp 0.5.18
  • Improved ICAP support for file extraction
  • Improved OLE file classification
  • Improved robustness in the FTP analyzer
  • Improved accuracy of traffic volume counters
  • Added registry value details to IOC reports in OpenIOC format

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

  • Lastline Sensor version 703