LANGuardian 12.4 Release Notes
This is a minor release for LANGuardian 12.4, with the following new features and bug fixes:
Upgrade to Snort 2.9. The Snort IDS engine has been upgraded to Snort version 2.9.7. This allows LANGuardian to take advantage of new keywords supported in IDS signatures for Snort 2.9, distributed from the ET Open project.
SMTP Email decoder enhancements
The SMTP decoder has been upgraded to record the following information
- Attachments to SMTP emails, including attachment name, MIME type and description
- Embedded hyper Link detection in emails. This is a beta release for evaluation. Where an SMTP email contains a hyper link, but the link target doesn’t seem to match the description, LANGuardain will log the link target and the description.
See report “Email :: By Sender”.
Top Website Domains report
The Website monitoring module has been upgraded to now report on HTTPS domains. Domain information (such as https://facebook.com) and traffic volumes are recorded. Individual URIs are encrypted and cannot be reported. See report “Web :: Top Website Domains”.
The Bittorrent decoder has been upgraded to record Peer Exchange messages (PEX). This increases the detection rate for Bittorrent activity and will record media titles, if included in the PEX message. See report “Bittorrent :: Search by Info Hash”
Change lguser password from GUI
Administrators can now set the password for the lguser account, to enable access to the LANGuardian console, to run commands such as tcpdump. See Settings -> System
Syslog forwarding of events
A new configuration page has been added to manage the forwarding of events to external syslog collector (SIEM) systems. See Settings -> Alerts Configuration
The following bugs have been resolved in 12.4
2515 URIs containing %0a break csv output
3228 Drilling down fails on certain URLs
3248 Source IP Filter for Top Protocols not being passed to Top Talkers
3279 Flow direction wrong for UDP multicast packets incorrectly reported
3280 Valid BPF value not accepted on sensor settings page
3283 An error is returned when you enter the following bpf filter not net (10.6.0.0/16 or 10.5.0.0/16)
3299 DNS Warning Message during Install
3300 Netscan report reporting IP range a ‘UnKnown’
3317 Sensor status page link status is n/a for all local interfaces
3323 Quotes in IDS signatures displayed as %22