
Lastline Integration Guide



Syslog notifications must be configured in the Lastline Portal before the Lastline sensors can send logs via syslog to the Taegis™ XDR Collector. Follow the instructions in this guide to enable logging for your sensors.

Connectivity Requirements

Source             Destination                 Port/Protocol
Lastline Sensor    XDR Collector (mgmt IP)     UDP/514

Data Provided from Integration

  Antivirus Auth DHCP DNS Email Encrypt Filemod HTTP Management Netflow NIDS Process Thirdparty
LastLine   Y                 D    

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Configuration Instructions

Consider the following requirements when completing the configuration steps:

To configure logging in the Lastline Portal, please follow these instructions:

  1. In the Lastline Portal, select Admin from the main menu, and then change the view from Accounts to Notifications.

     [Screenshot: Navigate to Admin > Notifications]

  2. On the Notifications page, select Syslog, and then select the + Add a notification icon above the table.

     [Screenshot: Select + Add a notification]

  3. In the Create Syslog Notification section, complete the following:

     [Screenshot: Create Syslog Notification]

  4. In the SIEM Server Settings section, complete the following. The server is the management IP of the XDR Collector and the port is UDP/514, as listed under Connectivity Requirements above.

     [Screenshot: SIEM Server Settings]

  5. In the Triggers section, enable the Audit and Intrusion triggers:

     [Screenshot: Enable Audit and Intrusion Triggers]

  6. Scroll down and select Save. A Syslog Notification Configuration Summary window displays, from which you can choose to Send Test Notification, Edit the configuration, or Close to return to the Syslog Notifications page.
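Before relying on Send Test Notification, it helps to confirm that the path the connectivity table describes (sensor management network to the collector's management IP on UDP/514) actually carries a syslog datagram, and to remember that UDP gives no acknowledgement, so the only proof of delivery is seeing the event on the XDR side. The script below is an added example for this guide, not Lastline or Secureworks code: it builds a BSD-style (RFC 3164) test line, sends it as a single UDP datagram, and, for an offline check, stands up a throwaway listener on loopback to prove the send path and the message format end to end. The collector address is a TEST-NET placeholder; the message format is a generic BSD syslog line, and the page does not state what format Lastline itself emits, so the final check remains the test notification and the event appearing in Taegis XDR.

```python
import re
import socket
import time

# Assumptions for this added example (not from the guide or from Lastline):
# the collector IP is a TEST-NET placeholder; only the port (UDP/514) comes
# from the connectivity requirements in the guide.
COLLECTOR_HOST = "192.0.2.10"
COLLECTOR_PORT = 514

FACILITY_LOCAL0 = 16   # BSD syslog facility code for local0
SEVERITY_NOTICE = 5    # BSD syslog severity code for notice
MAX_DATAGRAM = 1024    # RFC 3164 caps a message at 1024 bytes


def build_syslog_message(facility, severity, hostname, tag, msg, when=None):
    """Format a BSD-style (RFC 3164) line: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG.
    PRI packs facility and severity as facility * 8 + severity."""
    if not 0 <= facility <= 23 or not 0 <= severity <= 7:
        raise ValueError("facility must be 0-23 and severity 0-7")
    t = time.localtime(when) if when is not None else time.localtime()
    # RFC 3164 space-pads single-digit days ("Oct  3"), so format the day by hand.
    ts = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{facility * 8 + severity}>{ts} {hostname} {tag}: {msg}"


_LINE_RE = re.compile(
    r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^:\s]+): (.*)$", re.S)


def parse_syslog_message(raw):
    """Split a received line back into its fields, rejecting an out-of-range PRI."""
    m = _LINE_RE.match(raw)
    if not m:
        raise ValueError(f"not a BSD syslog line: {raw!r}")
    pri = int(m.group(1))
    if pri > 191:  # highest legal PRI is 23 * 8 + 7
        raise ValueError(f"PRI out of range: {pri}")
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": m.group(2),
        "hostname": m.group(3),
        "tag": m.group(4),
        "msg": m.group(5),
    }


def send_udp(message, host=COLLECTOR_HOST, port=COLLECTOR_PORT):
    """Send one datagram and return the byte count the kernel accepted.
    UDP has no acknowledgement: success here does not mean the collector
    received anything, so confirm arrival on the XDR side after sending."""
    data = message.encode("utf-8")
    if len(data) > MAX_DATAGRAM:
        raise ValueError("message exceeds 1024 bytes and may be truncated or dropped")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(data, (host, port))


def probe_loopback(message, timeout=2.0):
    """Stand in for the collector with a throwaway UDP listener on 127.0.0.1,
    send the message to it, and return the parsed fields. This proves the
    formatting and the send path without touching the real collector."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.settimeout(timeout)
        _, port = listener.getsockname()
        send_udp(message, "127.0.0.1", port)
        data, _ = listener.recvfrom(MAX_DATAGRAM + 1)
    return parse_syslog_message(data.decode("utf-8"))


if __name__ == "__main__":
    test_line = build_syslog_message(FACILITY_LOCAL0, SEVERITY_NOTICE,
                                     "lastline-sensor-01", "lastline",
                                     "syslog connectivity test")
    print("loopback result:", probe_loopback(test_line))
    # To exercise the real path, run from the sensor's management network:
    # send_udp(test_line)   # then look for the event in Taegis XDR
```

Run the loopback probe first; if it passes but nothing shows up in XDR after `send_udp` to the collector, the problem is on the network path (a firewall or routing between the sensor management network and the collector's management IP) rather than in the message itself.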
