Version 7.23
New features
- Improved support for ICAP integration in UI
- Support appliance upgrade in UI as soon as new release is available
- Email analysis improvements
- File analysis improvements
- URL analysis improvements
- Traffic sniffing improvements
- Bug fixes and improvements
Improved support for ICAP integration in UI
Our support for integrating with HTTP proxies using the ICAP protocol has been improved:
- Add support for configuring ICAP blocking settings through the appliance configuration view of the Appliances tab. If the sensor appliance was previously configured for blocking by editing the local file /etc/appliance-config/override.yaml, we recommend removing the relevant lines from the override file.
- Metrics about the ICAP integration are now available in the ICAP Metrics view.
This improvement is tracked internally as FEAT-1507.
Support appliance upgrade in UI as soon as new release is available
Starting from this release, customers will be able to upgrade their appliances in the Appliances tab of the portal as soon as a new release is announced.
Before this release, customers could only do this after Lastline had triggered auto-upgrade for the release.
This change allows customers who want to get access to the new version earlier to do that.
This improvement is tracked internally as FEAT-423.
Email analysis improvements
- LLMAIL-337: Warn in manager web UI if email queue utilization is above 85%.
- FEAT-1773: Allow users to enable a workaround to prevent Microsoft Outlook Web Mail from displaying body of blocked emails as attachment.
File analysis improvements
- LLWEB-1701: Improvements to the extraction of JavaScript code from PDF files.
- LLFILE-359: Improvements to the file type detection accuracy of Microsoft PowerPoint Slideshow files.
- LLFILE-344: Improvements to the file type detection of MSI installer packages.
- LLADOC-388: Improvements to the file type detection for data/scripts embedded in documents.
- SIGREPSCAN-276/277: Improvements to the detection of stalling/download activity using system utilities.
- LLADOC-355: Improvements to the detection of ROP-based document exploits.
- LLADOC-378: Improvements to the detection of EPS-based document exploits.
- LLADOC-386: Improvements to the extraction of URLs embedded in Microsoft Office documents.
- LLADOC-401: Improvements to the extraction of Macro content from Microsoft Office documents.
URL analysis improvements
- LLWEB-1707: Improvements to the handling of HTA resources.
- LLWEB-1690: Improvements to the handling of resources downloaded via Content-Disposition header.
- LLWEB-1686: Improvements to the detection of ROP-based shellcode.
Traffic sniffing improvements
- SENT-583: Improvements to file extraction when transferring script files.
- SENT-583, LLWEB-1705: Improvements to on-the-wire webpage inspection detection capabilities.
Bug fixes and improvements
- FEAT-1590: display help for Network IoC tags in the Intelligence tab.
- FEAT-1308: display the page title in the navbar at the top of the page in the Lastline Portal.
- USER-2115: make appliance selection persistent across all views of Appliances tab.
- SENT-544: improvements to ICAP service stability and performance.
- SURI-586: bug fix addressing possible false positives in TLS C&C detection.
Deprecation of API methods
No additional methods of the legacy API (/ll_api/ll_api) are being deprecated or removed in this version.
The Lastline API documentation includes a deprecation schedule for methods in the legacy API, as well as information on how to replace usage of these deprecated methods with supported methods.
Released appliance versions
As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:
- Lastline Sensor version 720
Deprecation of appliance versions
Sensor versions before 720 are being deprecated with this release. These deprecated sensor versions will, however, remain supported at least until hosted release 7.25.
Sensor versions before 717 were deprecated in release 7.20. We will be dropping support for sensor versions before 717 with release 7.24. With that release, older sensor versions will no longer be able to perform detection, but it will remain possible to upgrade those sensors to the latest version to restore functionality.