Lastline Defender and Analyst Hosted Release Notes

Version 2022.1

New Features

  • Suricata 6 IDS Engine

SURICATA 6 IDS ENGINE

The sensor ships with an updated Suricata IDS engine, version 6.0.4. This brings a number of performance and stability improvements as well as new security functionality that may be leveraged in future releases.

This new feature was tracked internally as FEAT-7343.

Detection Improvements

  • TRES-2598: Improved detection of the XMR miner.
  • FEAT-7287: Improved correlation of lateral movement activity into campaigns. In particular, various types of server-side lateral movement are now better supported.
  • TRES-2563: Improved detection of the Meterpreter payload.
  • TRES-2614: Improved detection of the Valyria malware.
  • LLAM-8033: Improved detection of CVE-2021-40444.
  • LLAM-8037: Reduced false positives in document analysis.

Bug Fixes and Improvements

  • PLTF-2992: Fix a bug that could result in incorrect handling of the home network configuration in the event processing pipeline for sensors that are part of a sensor group.
  • SENT-3343: Further fix to the problem only partially addressed by SENT-3296, where an appliance with a large number of CPU threads may stop reporting statistics on sniffing performance.
  • FEAT-7392: The version of Kibana and Elasticsearch used for the Network Explorer feature has been upgraded to version 7.15.2.
  • USER-5573: Fix the alignment of the sensor group add-license button.
  • LLANTA-2167: Fix an issue that caused certain nodes (including those associated with reputation-based events) to not be included in the campaign blueprint.
  • PLTF-2922: Fix bug where customers deployed on the EMEA cloud region were unable to download ISOs.

Deprecation of API Methods

The Lastline API documentation includes a deprecation schedule for deprecated Portal API methods, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Defender Hosted:

  • Lastline Sensor version 1310