Lastline Defender and Analyst Hosted Release Notes

Version 7.12

New features

  • Lastline Portal support for upgrading multiple appliances
  • Support for filtering in appliance monitoring logs UI
  • Provide hostname information for internal hosts for all network events
  • Updated End User License Agreement
  • Support for customizing analysis via application bundles
  • Email analysis improvements

Lastline Portal support for upgrading multiple appliances

The Lastline Portal now provides better support for customers who need to manage many appliances but prefer to disable auto-upgrade of appliances to new releases. For this, the appliances overview now offers a "Batch Upgrade" button that allows updating groups of outdated appliances, so long as the appliances to upgrade are currently online.

Note that the "Batch Upgrade" button is only visible when a customer has outdated online appliances.

Provide hostname information for internal hosts for all network events

If a Lastline Sensor is configured to "Resolve internal hostnames", it performs reverse DNS lookups to obtain host names for internal hosts. With this release, this functionality has been improved to make sure this information is available across all classes of network events.

Furthermore, we now display source hostname information in the file downloads tab as well, and in proxy scenarios we now display the HTTP server hostname correctly for IDS events, regardless of the directionality of the threat.

Support for filtering in appliance monitoring logs UI

The appliance monitoring logs page has been improved by adding support for filtering the displayed logs. Monitoring logs can be filtered based on:

  • Their impact level: Ok, warning or error
  • The log identifier
  • The component they refer to
  • The appliance type
  • The content of the log message itself

Updated End User License Agreement

Lastline has updated the End User License Agreement (EULA). Lastline now requires each user upon first login, or whenever the EULA changes, to agree to our terms and conditions. Any questions regarding the end user license should be directed to product@lastline.com.

Support for customizing analysis via application bundles

The analysis engine now offers an easier way to provide a custom command line for programs started in the analysis environment. By default, the system automatically infers the most applicable way to trigger analysis.

By submitting application bundles, the user can specify the exact command line and details of the environment to be used for analysis. Lastline provides utility code written in Python to generate and manipulate these bundles as described in more detail in the Analyst API documentation.

Email analysis improvements

The URL extraction from emails has been improved. Additionally, the following improvements and features for in-line mode have been added:

  • Support multiple nexthop SMTP servers, with load balancing and failover (in this version the configuration of this feature is not exposed in the web UI and requires manual configuration on the sensor; it will be exposed in the web UI in a future version).
  • Reject emails via SMTP error 421 if communication with the nexthop is not possible.
  • Emails that fail to be delivered to the nexthop will be stored in a local maildir mailbox. This mailbox is rotated based on time and size.
  • Ability to configure the block/warn thresholds for attachments and URLs via the web UI.
  • Fix a bug that would cause the sensor to fail to drop an email whose attachment is exactly at the maliciousness score threshold.
  • Ability to log the email tracing information in JSON to a syslog target.
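The in-line behaviours listed above (nexthop failover, a 421 temporary reject when no nexthop is reachable, a local maildir for accepted-but-undeliverable mail, inclusive block/warn thresholds, and JSON tracing) can be seen together in the following toy relay. This is an added illustration, not the Lastline Sensor's code: nexthops are simulated objects rather than real SMTP connections, the threshold values, the X-Analysis-Warning header and the SMTP reply texts are constructed, the trace goes to an in-memory list where a syslog handler would sit, and maildir rotation is left out.

```python
"""Toy in-line mail relay illustrating failover, 421 rejects, dead-lettering and tracing.

Hypothetical example code; not the Lastline Sensor implementation.
"""
import json
import mailbox
import tempfile
from dataclasses import dataclass
from datetime import datetime, timezone
from email.message import EmailMessage
from typing import List, Optional, Tuple


@dataclass
class Nexthop:
    """Simulated downstream SMTP server (stands in for a real socket connection)."""
    name: str
    online: bool = True    # reachable at the TCP/SMTP level
    accepts: bool = True   # takes the message once connected

    def probe(self) -> bool:
        return self.online

    def deliver(self, msg: EmailMessage) -> bool:
        if not self.online:
            raise ConnectionError(f"{self.name} unreachable")
        return self.accepts


@dataclass
class Policy:
    """Warn/block thresholds on the analysis score (constructed values)."""
    warn_threshold: int = 30
    block_threshold: int = 70

    def verdict(self, score: int) -> str:
        # Inclusive comparisons: a score exactly at the block threshold is blocked.
        if score >= self.block_threshold:
            return "block"
        if score >= self.warn_threshold:
            return "warn"
        return "allow"


class InlineRelay:
    def __init__(self, nexthops: List[Nexthop], policy: Policy, maildir_path: str):
        self.nexthops = nexthops
        self.policy = policy
        self._next = 0  # round-robin cursor for load balancing
        self.deadletter = mailbox.Maildir(maildir_path, create=True)
        self.trace_log: List[str] = []  # JSON lines; a SysLogHandler would replace this

    def _ordered_nexthops(self) -> List[Nexthop]:
        n = len(self.nexthops)
        order = [self.nexthops[(self._next + i) % n] for i in range(n)]
        self._next = (self._next + 1) % n
        return order

    def _trace(self, **fields) -> None:
        fields["ts"] = datetime.now(timezone.utc).isoformat()
        self.trace_log.append(json.dumps(fields, sort_keys=True))

    def handle(self, msg: EmailMessage, score: int) -> Tuple[str, Optional[str]]:
        """Return (SMTP reply, name of the nexthop that took the message or None)."""
        verdict = self.policy.verdict(score)
        if verdict == "block":
            self._trace(subject=msg["Subject"], score=score, verdict=verdict, reply="550")
            return "550 5.7.1 Message blocked by analysis policy", None
        if verdict == "warn":
            msg["X-Analysis-Warning"] = f"score {score}"  # hypothetical tag header

        order = self._ordered_nexthops()
        if not any(nh.probe() for nh in order):
            # No nexthop reachable: temporary failure so the upstream MTA retries.
            self._trace(subject=msg["Subject"], score=score, verdict=verdict, reply="421")
            return "421 4.4.1 No nexthop available, try again later", None

        for nh in order:
            try:
                if nh.deliver(msg):
                    self._trace(subject=msg["Subject"], score=score, verdict=verdict,
                                reply="250", nexthop=nh.name)
                    return "250 2.0.0 OK", nh.name
            except ConnectionError:
                continue  # fail over to the next nexthop

        # Accepted but undeliverable: park it locally rather than lose it.
        self.deadletter.add(msg)
        self._trace(subject=msg["Subject"], score=score, verdict=verdict,
                    reply="250", nexthop=None, stored="maildir")
        return "250 2.0.0 OK (queued locally)", None


def make_message(subject: str) -> EmailMessage:
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = subject
    msg.set_content("constructed sample body")
    return msg


def demo() -> dict:
    """Run the four scenarios from the release notes and report what happened."""
    tmp = tempfile.mkdtemp()
    results = {}
    relay = InlineRelay([Nexthop("mx1"), Nexthop("mx2")], Policy(), tmp + "/a")
    results["at_threshold"] = relay.handle(make_message("t1"), 70)[0][:3]      # blocked
    relay = InlineRelay([Nexthop("mx1", online=False), Nexthop("mx2")], Policy(), tmp + "/b")
    results["failover"] = relay.handle(make_message("t2"), 10)                # mx2 takes it
    relay = InlineRelay([Nexthop("mx1", online=False), Nexthop("mx2", online=False)],
                        Policy(), tmp + "/c")
    results["all_down"] = relay.handle(make_message("t3"), 10)[0][:3]          # 421
    results["all_down_stored"] = len(relay.deadletter)                         # nothing parked
    relay = InlineRelay([Nexthop("mx1", accepts=False)], Policy(), tmp + "/d")
    results["refused"] = relay.handle(make_message("t4"), 40)[0][:3]           # accepted
    results["refused_stored"] = len(relay.deadletter)                          # parked locally
    results["trace_ok"] = all("reply" in json.loads(line) for line in relay.trace_log)
    return results


if __name__ == "__main__":
    print(demo())
```

The four scenarios in `demo()` map to the bullets: a score exactly at the block threshold is dropped (the inclusive `>=` is the point of the bug fix), a down nexthop is skipped in favour of the next one, a fully unreachable nexthop set yields a 421 so the sender retries, and a nexthop that refuses an already accepted message causes it to be parked in the maildir rather than lost.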

Bug fixes and improvements

  • ICAP functionality fixes and monitoring improvements

Deprecation of API methods

No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.

The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

  • Lastline Sensor version 709