Lastline Defender and Analyst Hosted Release Notes

Version 7.8

New features

  • Support for inline deployment of the Sensor
  • Support for customized Sensor-side whitelisting of events
  • Bug fixes and improvements

Support for inline deployment of the Sensor

The Lastline Sensor now supports inline deployment using one pair of network interfaces. In inline mode, the Sensor actively relays traffic between the pair of interfaces. The Sensor can be configured to block offending activity by firewalling it at varying flow granularities, and it supports HTTP 302 redirection of visits to known-bad URLs.

Simultaneous operation of additional passive sniffing ports is supported.

This configuration needs to be done with the assistance of a Lastline engineer. We will expand automation and UI support in a future release.

Support for customized Sensor-side whitelisting of events

We now support customized whitelisting of events directly on the Sensor, including file hashes, domain names, and IP addresses. This whitelisting applies to blacklist hits, file artifact extraction, and signature hits.

Bug fixes and improvements

  • We now correctly report the contacted host's name when the Sensor resides behind an HTTP proxy.
  • Customer-provided signatures with the REJECT action now correctly downgrade to alerting when blocking is not enabled.
  • Improved configurability of flow hashing with/without VLAN IDs.
  • Flow state timeouts in the sniffer are now tunable, to accommodate site-specific needs.
  • Expanded analysis of archive contents, including script files and nested archives.
  • Support for RAR archives of version 5+, ACE archives, and Windows Script Files.
  • Improved coverage of DMG images and MIME archives.
  • More robust filetype detection for script types.
  • Prefilter performance improvements on the Sensor.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

  • Lastline Sensor version 705