Lastline Defender and Analyst Hosted Release Notes

Version 2022.2

New Features

  • Prefilter for Scripts

PREFILTER FOR SCRIPTS

A new script pre-filtering component reduces the load on customers' infrastructure by filtering clearly benign scripts out of sandbox analysis.

This new feature was tracked internally as FEAT-6141.

Detection Improvements

  • LLAM-8565: Improved detection for modified UPX PE samples and .NET-based SharePoint user profile sync PUA PE samples.
  • LLAM-8482: Improved detection for ELF samples with malformed ELF headers.
  • LLAM-8551: Improved detection for truncated ELF samples.
  • LLAM-8554: Improved detection of the Linux Roothelper exploit.
  • LLAM-8530: Improved detection of Ryucurrency miners.
  • FEAT-6978: A new detector raises alerts upon observing anomalous spikes in the number of SMB logon failures. SMB logon events occur when users authenticate before accessing remote resources over the network. A spike in the number of SMB logon failures can indicate a potential brute-force attempt.
  • LLAM-8796: Improved detection for Mshta files spawned by LNK files.
  • LLAM-8156: Improved detection for MirrorBlast Malware.
  • LLAM-8665: Improved detection for leaked Nvidia certificates.
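The FEAT-6978 item above describes spike detection over SMB logon failures. The following is an added, self-contained illustration of that idea written for these notes; it is not Lastline's detector, and the log line format, the time window, the thresholds and the host addresses are all constructed assumptions. It buckets failures into one-minute windows, compares each window against a trailing baseline, and reports the window and the source that contributed most to it.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed log format (hypothetical, not Lastline's): one event per line, e.g.
#   "2022-03-01T10:00:05Z smb logon_failure src=10.0.0.5 user=alice"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) smb (?P<outcome>logon_failure|logon_success) "
    r"src=(?P<src>\S+) user=(?P<user>\S+)$"
)


def parse_line(line):
    """Return (timestamp, outcome, src, user) or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["outcome"], m["src"], m["user"]


def failures_per_window(lines, window=timedelta(minutes=1)):
    """Count SMB logon failures in fixed, consecutive time windows.

    Returns a list of (window_start, failure_count, {src: count}) in time order,
    including windows with zero failures so the baseline is not biased upward.
    """
    events = [e for e in map(parse_line, lines) if e and e[1] == "logon_failure"]
    if not events:
        return []
    start = min(e[0] for e in events).replace(second=0, microsecond=0)
    end = max(e[0] for e in events)
    buckets = defaultdict(lambda: [0, defaultdict(int)])
    for ts, _, src, _ in events:
        key = start + window * ((ts - start) // window)
        buckets[key][0] += 1
        buckets[key][1][src] += 1
    out, t = [], start
    while t <= end:
        count, by_src = buckets.get(t, (0, {}))
        out.append((t, count, dict(by_src)))
        t += window
    return out


def find_spikes(windows, min_history=3, z=3.0, min_failures=10):
    """Flag windows whose failure count is anomalous relative to preceding windows.

    A window is a spike when it has at least `min_failures` failures and its count
    exceeds the trailing mean by `z` standard deviations. The deviation is floored
    at 1.0 so a near-constant baseline does not make every small change anomalous.
    Flagged windows are left out of the baseline so a sustained burst keeps alerting.
    """
    alerts, history = [], []
    for ts, count, by_src in windows:
        if len(history) >= min_history:
            mean = statistics.mean(history)
            sd = max(statistics.pstdev(history), 1.0)
            if count >= min_failures and count > mean + z * sd:
                top_src = max(by_src, key=by_src.get)
                alerts.append({
                    "window_start": ts.isoformat(),
                    "failures": count,
                    "baseline_mean": round(mean, 2),
                    "top_source": top_src,
                    "top_source_failures": by_src[top_src],
                })
                continue
        history.append(count)
    return alerts


def constructed_sample_logs():
    """Constructed sample: five quiet minutes, then a burst of failures from one host."""
    base = datetime(2022, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []

    def add(offset_s, outcome, src, user):
        ts = (base + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(f"{ts} smb {outcome} src={src} user={user}")

    # Normal activity: successes plus an occasional mistyped password each minute.
    for minute in range(5):
        add(minute * 60 + 5, "logon_success", "10.0.0.5", "alice")
        add(minute * 60 + 20, "logon_failure", "10.0.0.7", "bob")
        add(minute * 60 + 25, "logon_success", "10.0.0.7", "bob")
        if minute % 2 == 0:
            add(minute * 60 + 40, "logon_failure", "10.0.0.9", "carol")
    # Minute 5: thirty failures against many accounts from a single source.
    for i in range(30):
        add(5 * 60 + i, "logon_failure", "10.0.0.42", f"user{i:02d}")
    # Minute 6: back to normal, plus a line the parser ignores.
    add(6 * 60 + 5, "logon_failure", "10.0.0.7", "bob")
    lines.append("2022-03-01T10:06:10Z unrelated log line that the parser ignores")
    return lines


def detect(lines):
    """Parse, bucket and flag in one call; returns the list of alerts."""
    return find_spikes(failures_per_window(lines))


if __name__ == "__main__":
    for alert in detect(constructed_sample_logs()):
        print(alert)
```

Running it reports a single alert for the 10:05 window (30 failures against a baseline mean of 1.6, all from 10.0.0.42). Reporting the dominant source alongside the count is what turns a bare spike into something an analyst can act on; the thresholds here are illustrative and would be tuned per environment.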

Bug Fixes and Improvements

  • FEAT-7562: Fix and improve handling of OS security updates:
      • Ensure all tested security updates are installed when an appliance version is upgraded.
      • Remove the "Install daily OS security updates automatically" setting, as it is no longer applicable.
      • Ensure emergency security updates are automatically installed within 24 hours of release.
      • Add the appliance management API setting "apt_allow_ubuntu_security_updates" (default "true") to allow disabling automatic installation of emergency security updates (not recommended).
      • Notice: after a successful upgrade of an appliance to this version from an older version, it is recommended to perform a "Retrigger configuration" action from the web UI or API to ensure all security updates have been applied.
  • SENT-3390: Fix to an issue where mail-specific allow-lists would be incorrectly ignored by the appliance.
  • FEAT-7571: Improved account security by increasing the minimum password length to 12 characters for all new passwords.

Deprecation of API Methods

The Lastline API documentation includes a deprecation schedule for deprecated Portal API methods, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Defender Hosted:

  • Lastline Sensor version 1320