Lastline Defender and Analyst Hosted Release Notes

Version 2021.2

New Features

We are planning on changing the public IP addresses that are used by Lastline backend services to reflect our move away from an older datacenter provider to more scalable infrastructure. These are the IP addresses assigned to lastline.com contacted by Lastline appliances (such as log.lastline.com, user.lastline.com, management.lastline.com, update.lastline.com, and anonvpn.lastline.com) when accessing services like cloud APIs and image registries. This will affect both hosted and on-premise installations of all Lastline products.

It is required that these IP addresses are permitted by firewall rules to prevent service issues when these IP addresses are expected go live in August 2021.

The new IP address range is 66.170.109.0/24

Detection Improvements

  • LLAM-6684: Improved detection of ability to run hidden PowerShell scripts.
  • LLAM-6985: Added detection of condrv.sys DoS vulnerability.

Bug Fixes and Improvements

  • CINF-696: The default ntp server configured in lastline_register for appliances has been changed from update.lastline.com (or update.emea.lastline.com) to ntp.lastline.com (or ntp.emea.lastline.com. This will not affect existing installations, however in a future release update.lastline.com (and update.emea.lastline.com) will no longer be an applicable domain for the ntp server configuration.
  • USER-5172: Addressed cases in which invalid or floating-point time values could yield incorrect downstream calculations, resulting in invalid API parameters.
  • USER-5185: Addressed issue where Analysts were being directed to 404 page on log in.
  • USER-5184: Addressed cases in which undefined subkey value could yield incorrect resulting in invalid API parameters.
  • USER-5158: Addressed case where updating an alert management rule failed to update the alert management rules table.
  • PLTF-2317: Fixed an issue where permission was denied when providing license parameters for /papi/intel APIs.

Deprecation of API Methods

The Lastline API documentation includes a deprecation schedule for deprecated Portal API methods, as well as information on how to replace usage of these deprecated methods with supported methods.

2021.1 2021.3