Lastline Defender and Analyst Hosted Release Notes

Version 24.1.1

Bug Fixes and Improvements

  • FEAT-8107: The maximum file size limit able to be configured for files uploaded from a sensor appliance in Hosted NSX Lastline Defender deployments has been increased from 64MB to 200MB.
  • SENT-3889: Fix to an issue that was preventing the sniffing pipeline to submit for analysis any file larger than 8MB.
  • SENT-3892: Fix to an issue where the upgrade of an appliance with a bonded interface configured would fail. Starting with this release, there is no more need to configure bonded interfaces to ingest traffic from TAP deployments.
  • SENT-3896: Fix to an issue where an appliance using Silicom NICs may never fail-close after a reconfiguration.
  • SENT-3891: Fix to an issue that could cause the sniffing service to not operate correctly in appliances with large amounts of RAM and cores.
  • SENT-3901: Fix to an issue that would cause the sniffing pipeline to fail to reconfigure itself when the sniffing interface uses certain drivers that are not officially tested or supported (e.g. HyperV NICs).
  • SENT-3893: Fix to an issue where the appliance configuration would fail if sniffing services are enabled but no sniffing interfaces are defined. This release corrects this behavior by implicitly disabling the sniffing services if no sniffing interfaces are defined.
  • SENT-3890: Fix to an issue where the appliance would not operate correctly in setups where the injection interface also happens to be a sniffing interface.

Deprecation of API Methods

The Lastline API documentation includes a deprecation schedule for deprecated Lastline API methods, as well as information on how to replace usage of these deprecated methods with supported methods.

Released Appliance Versions

As part of this release, we are making available the following versions of Lastline appliances for use with Lastline Enterprise Hosted:

Lastline Sensor version 1380.1

For help on the upgrade process, please refer to the following instructions. This update is not done automatically to prevent unexpected downtime. Distribution Upgrade

Sensor 1380.1 supports Ubuntu 20.04 (Focal) as underlying operating systems on new installation. When upgrading a pre-existing appliance using the previous Ubuntu release (bionic) the distribution will not be upgraded to Focal at this stage. We will offer tooling for upgrading the distribution of pre-existing appliances in a later release. Sensor version 1220 was the final version to support Ubuntu Xenial as our operating system distribution. In order to upgrade to 1380.1, you must be running Bionic as the operating system distribution. You can check the distribution in use by an appliance in the Appliance Status view of the portal. The "Base Distribution" listed should be "bionic". If it is "xenial", the appliance distribution needs to be upgraded.

24.1 24.2