Version 7.19
New features
- Improved interface for managing licenses and sensors
- More granular permissions for downloading analyzed files
- Audit log extensions
- New protocol for communication between Sensor and backend
- Improved analysis of URLs embedded in Microsoft Office documents
- Email analysis improvements
- Support for Silicom bypass adapters in the inline Sensor
- Bug fixes and improvements
Improved interface for managing licenses and sensors
The interface for viewing and managing license and sensor subkey information has been redesigned and now provides the following pages:
- License details page for managing license details such as organization and contact information
- Licenses page lists all active and non-active licenses
- Sensors page lists all sensor subkeys, optionally filtered by license, and allows renaming, activating and de-activating them
- Add Sensor page allows generating a new sensor license
More granular permissions for downloading analyzed files
This release adds two new permissions that provide granular control for access to analyzed files.
- The "can_access_analyzed_files" permission allows users to download files of less sensitive types that were analyzed by Lastline. These are files such as executables and scripts that are less likely to include sensitive information.
- The "can_access_sensitive_analyzed_files" permission allows users to download files of more sensitive types that were analyzed by Lastline. These are files such as Office documents or PDFs that are more likely to include sensitive information. This permission does not imply "can_access_analyzed_files", so both permissions should be granted individually.
Note that, as for all permissions, accounts with administrator permission implicitly have these new permissions as well. Other users who wish to download analyzed files will need to request these permissions from their administrator.
Audit log extensions
With this release, additional information will be included in the audit log, which is available in the Lastline portal, API, and in audit log notifications.
- Include creation of new sensor subkeys
- Include updates to a sensor subkey, including activating or de-activating it
- Include updates to license information
New protocol for communication between Sensor and backend
Sensors released with this version use a new communication protocol to talk to the backend to download threat intelligence and upload detection information. The new protocol provides improved reliability and robustness compared to the legacy one.
To support older Sensor versions, our backend continues to support the legacy protocol, which will remain supported at least until hosted release 7.21.
Improved analysis of URLs embedded in Microsoft Office documents
With this release, the analysis system will extract and follow URLs embedded in more types of documents (specifically Microsoft Office) submitted for analysis. Any anomalies found as part of the URL analysis are included in the classification of the originally analyzed document.
Email analysis improvements
- Allow customization of which email/SMTP headers are used for reporting sender and recipients of analyzed emails.
- Allow overriding the default maximum line length for IMAP.
- Relax the strictness of the recipient email address parsing for SMTP sniffing.
Support for Silicom bypass adapters in the inline Sensor
The Lastline Sensor now supports Silicom's bypass adapters, enabling packet forwarding in the presence of appliance failure or power outages.
Bug fixes and improvements
- Fix memory consumption problem in classification of corrupted CDF documents.
- Improved resilience to erroneous whitespace in IDS range variables provided via the Custom Intelligence API.
- Improved robustness when handling base64-encoded files.
- Improved configurability of pcap filter expressions on the Sensor, supporting e.g. capture only on select VLANs.
Deprecation of API methods
No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:
- Lastline Sensor version 716
Deprecation of appliance versions
Because of the change to the communication protocol between sensor and backend, sensor versions before 716 are being deprecated with this release. However, these deprecated sensor versions will remain supported at least until hosted release 7.21.