ReaQta
The IBM Security QRadar Custom Properties for ReaQta content extension adds new custom event properties for ReaQta.
IBM Security QRadar Custom Properties for ReaQta 1.0.0
The following table shows the custom event properties in IBM® Security QRadar® Custom Properties for ReaQta 1.0.0.
| Property Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Account Security ID | No | 1 | "userSID":"(.*?)" |
| Alert Severity | Yes | JSON | /"severity" |
| File Directory | Yes | 1 | "path":"([^"]+)\\\\[^\\]*?" |
| File Size | No | 1 | "size":(.*?), |
| Filename | Yes | 1 | "filename":"(.*?)" |
| Hostname | Yes | JSON | /"endpointState"/"name" |
| Impact | Yes | JSON | /"impact" |
| Logon ID | Yes | 1 | "logonId":"(.*?)" |
| Machine ID | Yes | JSON | /"endpoint"/"machineId" |
| MD5 Hash | Yes | 1 | "md5":"(.*?)" |
| Message | No | JSON | /"notes" |
| OS Name | No | JSON | /"endpoint"/"os" |
| Parent Process ID | No | 1 | "ppid":(\d+), |
| Policy Name | Yes | 1 | "policyTitle":"(.*?)" |
| Privilege Level | Yes | 1 | "privilegeLevel":"(.*?)" |
| Process CommandLine | Yes | 1 | "script":\s*?"(.*?[^\\])" |
| Process Id | Yes | 1 | "pid":(\d+), |
| Process Name | Yes | 1 | "process".*?"filename":"(.*?)" |
| Relevance Level | Yes | 1 | "relevance":(.*?), |
| SHA1 Hash | Yes | 1 | "sha1":"(.*?)" |
| SHA256 Hash | Yes | 1 | "sha256":"(.*?)" |
| Threat Category | No | JSON | /"alertStatus" |
| Threat Name | Yes | JSON | /"title" |