Configuring Lastline Enterprise to communicate with QRadar

On the Lastline Enterprise system, use the SIEM settings in the notification interface to specify a SIEM appliance where Lastline can send events.

1. Log in to your Lastline Enterprise system.
2. On the sidebar, click Admin.
3. Click Reporting > Notifications.
4. To add a notification, click the Add a notification (+) icon.
5. From the Notification Type list, select SIEM.
6. In the SIEM Server Settings pane, configure the parameters for your QRadar Console or Event Collector. Ensure that you select LEEF from the SIEM Log Format list.
7. Configure the triggers for the notification:
   1. To edit existing triggers in the list, click the Edit trigger icon, edit the parameters, and click Update Trigger.
   2. To add a trigger to the list, click the Add Trigger (+) icon, configure the parameters, and click Add Trigger.
8. Click Save.