Lastline Enterprise
Use the IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension to closely monitor your Lastline Enterprise deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
- IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.3
- IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.2
- IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.1
- IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.0
IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.3
The following table shows the custom properties that are updated in IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.3.
Previous property name | Updated property name | Previous property ID | Updated property ID |
---|---|---|---|
Malware | Threat name | b62aacf9-fb50-4981-a5fa-1f3ff64c4972 | 266b1a2c-deb7-47d5-b082-f7cac7b5477c |
MessageID | Message ID | - | - |
IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.2
The following table shows the custom properties that are updated in IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.2.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
File Hash | Yes | 1 | fileHash=([^\t]+) |
MessageID | Yes | 1 | messageID=([^\t]+) |
Sender | Yes | 1 | Sender=([^\t]+) |
IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.1
Internal changes with no user impact.
IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Lastline Enterprise Content Extension 1.0.0.
Name | Regex |
---|---|
Email Subject | emailSubject=([^\t]+) |
Event Detail Link | EventDetailLink=([^\t]+) |
File Hash | fileHash=([^\t]+) |
Malware | malware=([^\t]+) |
MessageID | messageID=([^\t]+) |
Resolved Domain | ResolvedDomain=([^\t]+) |
Sender | Sender=([^\t]+) |