IBM Cloud
Use the IBM Security QRadar Custom Properties for IBM Cloud® to closely monitor your IBM Cloud deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for IBM Cloud 1.1.1
The following table shows the custom properties that are updated in IBM Security QRadar Custom Properties for IBM Cloud 1.1.1.
Name | Details |
---|---|
Originating Host | Updated property type to string. |
ProcessID | Property is now optimized. |
Region | Updated property description. |
IBM Security QRadar Custom Properties for IBM Cloud 1.1.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for IBM Cloud 1.1.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Account Name | Yes | 1 | typeURI".*?"name":"(.*?)" |
AccountID | No | 1 | id":"(.*?)" account_id":"(.*?)" |
Data Accessed | Yes | 1 | data":\{".*?":"(.*?)" |
Destination Host Name | Yes | 1 | target":"(.*?)" |
Filename | Yes | 1 | file":"?.*/(.*?)" file":"(.*?)" |
Hostname | Yes | 1 | host":"(.*?)" |
Machine ID | Yes | 1 | instance:(.*?)" |
Message | No | 1 | message":"(.*?)" message":"(.*?)","log_level |
Method | No | 1 | method":"(.*?)" |
Originating Host | Yes | 1 | o_host.*?address":"(.*?)" |
Process Guid | No | 1 | process_guid":"(.*?)" |
Process Id | No | 1 | process_id":(\d+) process":"(.*?)" |
Region | Yes | 1 | audit-log:(.*?): Context region":"(.*?)" |
Request URI | Yes | 1 | o_target".*?typeURI":"(.*?)" |
Response Code | No | 1 | reasonCode":(\d+) status":(\d+) |
Service Name | Yes | 1 | instance_name":"(.*?)" |
Source Host Name | Yes | 1 | source":"(.*?)" |
Transaction ID | No | 1 | X-Global-Transaction-Id":"(.*?)" transactionId":"(.*?)" global-transaction-id":"(.*?)" |
URL | Yes | 1 | url":"(.*?)" |
User Agent | No | 1 | User-Agent":"(.*?)" agent":"(.*?)" |
User ID | Yes | 1 | userAccountIds":\["(.*?)" |
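
The expressions in the table are unanchored, so a short one such as `id":"(.*?)"` or `host":"(.*?)"` captures from the first key in the payload that ends with that text. The following added example (not part of the IBM content extension) runs a few of the table's expressions over a constructed payload and reports which key each match landed in. It assumes that cells listing several expressions hold separate expressions for the same property, and it uses Python's `re` module as a stand-in for the QRadar regex engine.

```python
import re

# Regexes copied from the 1.1.0 table (capture group 1 throughout). Cells that
# list several expressions are split here, on the assumption that each one is
# a separate expression for the same property.
PROPERTIES = {
    "AccountID": [r'id":"(.*?)"', r'account_id":"(.*?)"'],
    "Hostname": [r'host":"(.*?)"'],
    "Method": [r'method":"(.*?)"'],
    "Response Code": [r'reasonCode":(\d+)', r'status":(\d+)'],
    "User ID": [r'userAccountIds":\["(.*?)"'],
}

# Constructed sample payload for illustration; not a real IBM Cloud event.
SAMPLE = (
    '{"request_id":"req-0001","account_id":"acct-1234","source_host":"edge-7",'
    '"host":"api-2","method":"GET","reasonCode":403,'
    '"userAccountIds":["user-42","user-43"]}'
)

def key_at(payload, pos):
    """Return the full JSON key that contains offset pos."""
    start = payload.rfind('"', 0, pos) + 1
    return payload[start:payload.index('"', pos)]

def extract(payload, regexes):
    """Try each expression in order; return (value, matched key, regex used)."""
    for rx in regexes:
        m = re.search(rx, payload)  # leftmost match of an unanchored regex
        if m:
            return m.group(1), key_at(payload, m.start()), rx
    return None, None, None

def audit(payload, properties=PROPERTIES):
    """Map each property to (value, matched key, True if it hit a longer key)."""
    report = {}
    for name, regexes in properties.items():
        value, key, rx = extract(payload, regexes)
        # The literal text before the first quote in the regex is the key it targets.
        wrong_key = rx is not None and key != rx.split('"')[0]
        report[name] = (value, key, wrong_key)
    return report

if __name__ == "__main__":
    for name, (value, key, wrong_key) in audit(SAMPLE).items():
        note = "  <-- matched inside a longer key" if wrong_key else ""
        print(f"{name:14} {value!r:12} from {key!r}{note}")
```

Running a check like this against real payloads from your own log sources shows whether a property used in a rule or search holds the field you expect.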