Version 7.7
New features
- Remember display settings of tables in portal
- Domain resolution information in infected host view
- Endpoint events view in portal
- E-mail analysis improvements
- URL analysis improvements
- Bug fixes and improvements
Remember display settings of tables in portal
The Lastline portal now remembers a number of display options that a user can select for key tables in the interface. This includes:
- Which columns are shown or hidden
- Relative width of columns
- Sort order
- Number of rows to display per page
The settings are stored in the browser's local storage, so that they persist across user sessions. A user can reset a table to its default display options by selecting the "Reset table" option in the hamburger menu of the table.
Domain resolution information in infected host view
The host view that shows all activity on a specified host in the protected network has been extended to include information on DNS resolutions performed by the host in question.
Endpoint events view in portal
A new endpoint events view displays information on events detected on the endpoint. Currently, this is limited to verification of IoCs (Indicators of Compromise) obtained through the integration with Tanium IoC Detect, or pushed to the Lastline API.
E-mail analysis improvements
- Improved logging on sensor about email delivery and destination address rejection.
- Improved logging on sensor about attachment filetype.
- Better handling of some non-RFC emails in MTA mode.
URL analysis improvements
Reports for URL analyses now include strings that have been observed during an analysis. They are listed in the "Memory contents" section of the report.
Bug fixes and improvements
- Improved filetype detection for obfuscated MIME structures.
- Prefilter performance improvements on the Sensor.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:
- Lastline Sensor version 704.3
There is no new installer ISO for this version: new installations
can use the latest Sensor installer ISO lastline-sensor-704-3553-3afc92b.iso
and will automatically upgrade to version 704.3 upon installation.
Deprecation of API methods
The following API methods of the legacy API (/ll_api/ll_api) are being deprecated in this version:
- add_submission_to_history
Furthermore, the following deprecated methods of the legacy API are being removed in this version:
- query_account_details
- query_accounts
- delete_account
- update_account
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.