Lastline Defender and Analyst Hosted Release Notes

Version 2019.4

New Features

  • Move Admin > Integrations items to new Notifications and Data sources sections
  • New threats, hosts and attack stages intrusion summary visualization
  • AI-powered detection of executable files

MOVE ADMIN > INTEGRATIONS ITEMS TO NEW NOTIFICATIONS AND DATA SOURCES SECTIONS

Two new sections have been added under Admin: Notifications and Data sources. Items have been moved from Integrations into the new sections.

This new feature was tracked internally as USER-3248.

NEW THREATS, HOSTS AND ATTACK STAGES INTRUSION SUMMARY VISUALIZATION

A new visualization has been added to the Intrusion profile > Overview tab that provides insights at a glance about the threats, hosts and attack stages seen in a specific intrusion.

This new feature was tracked internally as FEAT-3965.

AI-POWERED DETECTION OF EXECUTABLE FILES

Lastline introduces new AI-powered detection capabilities for executable files. These improvements include the ability to detect similarities between an analyzed executable and known malicious samples, as well as reuse of malicious code.

This new feature was tracked internally as FEAT-2630.

Detection Improvements

  • TRES-330: Improved detection of command-line argument spoofing by malicious MS Office macros.
  • TRES-291: Improved detection of PDFs with embedded malicious URLs in the Lastline document prefilter.
  • TRES-234: More robust extraction of malformed XML streams from Microsoft Office documents.
  • TRES-74: Improved detection of the Cold River malware family.

Bug Fixes and Improvements

  • USER-3256: Fixed event profile page crashing when rendering information about certain events.
  • USER-3207: Fixed adding and editing Active Directory settings.
  • FEAT-3972: The unique and all files downloaded views under Network > Files downloaded can now be filtered by a minimum score.

Deprecation of API methods

The Lastline API documentation includes a deprecation schedule for deprecated Lastline API methods, as well as information on how to replace usage of these deprecated methods with supported methods.

Since release 7.24, all methods of the legacy API (/ll_api/ll_api) are deprecated. The deprecation schedule also covers these legacy API methods and explains how to replace them with supported methods.

Released appliance versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

Lastline Sensor version 1055

Deprecation of appliance versions

Since release 7.28, sensor versions before 720 are no longer compatible with the Lastline backend.

Distribution Upgrade

Sensor 1055, which is being made available as part of this release, does not support Ubuntu Trusty as the underlying operating system distribution. Before upgrading, you will need to upgrade your operating system distribution to Ubuntu Xenial.

Users can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "xenial". If it is "trusty", the appliance distribution should be upgraded. A distribution upgrade can be performed by first ensuring the sensor is on version 1051 and then following these instructions for the upgrade process. This update is not performed automatically, to prevent unexpected downtime.

For complete information regarding the upgrade process please refer to the Lastline Support Knowledge Base.
