Blue Coat
Use the IBM Security QRadar Custom Properties for Blue Coat to closely monitor your Blue Coat SG deployment.
- IBM Security QRadar Custom Properties for Blue Coat V2.0.4
- IBM Security QRadar Custom Properties for Blue Coat V2.0.3
- IBM Security QRadar Custom Properties for Blue Coat V2.0.2
- IBM Security QRadar Custom Properties for Blue Coat V2.0.1
- IBM Security QRadar Custom Properties for Blue Coat V2.0.0
- IBM Security QRadar Custom Properties for Blue Coat V1.0.0
IBM Security QRadar Custom Properties for Blue Coat V2.0.4
The following table shows the updated custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.4.
Name | Optimized | Renamed |
---|---|---|
Server Response Time | No | Yes |
Bytes Received | No | Yes |
URL Host | No | Yes |
URL Referrer | No | Yes |
Web Category | No | Yes |
Method | No | Yes |
User Agent | Yes | No |
IBM Security QRadar Custom Properties for Blue Coat V2.0.3
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.3.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Server Response Time | Yes | 1 | time-taken=(\d+) |
IBM Security QRadar Custom Properties for Blue Coat V2.0.2
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.2.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
BytesReceived | Yes | 1 | sc-bytes=(\d+) |
IBM Security QRadar Custom Properties for Blue Coat V2.0.1
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 1 | cs-uri=(.*?:\/\/[^\s\r\n\|]+) |
URL Scheme | No | 1 | cs-uri-scheme=([^\|]*?)\| |
UrlHost | Yes Yes |
1 1 |
cs-host=(?:www\.)?([^\|]*)\| (?:http|ftp|tcp|https)\s+(?:www\.)?([^\s]+) |
URL Path | No | 1 | cs-uri-path=([^\|]*?)\| |
URL Query String | No | 1 | cs-uri-query=([^\|]*?)\| |
Referrer URL | No | 1 | cs\(Referer\)=([^\|]*?)\| |
User Agent | No | 1 | cs\(User-Agent\)=([^\|]*?)\| |
Content Type | No | 1 | rs\(Content-Type\)=([^\|]*?)\| |
Filename | Yes | 1 | cs-uri-path=[^\|]*\/([^\|]*\.[^\|]*)\| |
File Extension | Yes | 1 | cs-uri-extension=([^\|]*?)\| |
BytesSent | Yes | 1 | cs-bytes=(\d+) |
BytesReceived | No | 1 | sc-bytes=(\d+) |
Web Category | Yes Yes |
2 1 |
(OBSERVED|DENIED)\s\"([^\"]+) category=([^\|]+) |
- Bytes From Client
- Bytes From Server
IBM Security QRadar Custom Properties for Blue Coat V2.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 2 1 |
(http|ftp|tcp|https)\s+([^\s]+) (?:cs-uri=| )(?:http|ftp|tcp|https):\/\/([^\s\r\n\|]+) |
Method | No No |
1 1 |
cs-method=(\w+) (GET|POST|CONNECT|TUNNEL)\s |
Bytes From Client | No | 1 | cs-bytes=(\d+) |
Bytes From Server | No | 1 | sc-bytes=(\d+) |
Web Category | No | 2 1 |
(OBSERVED|DENIED)\s\"([^\"]+) category=([^\|]+) |
IBM Security QRadar Custom Properties for Blue Coat V1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V1.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 1 | (?:cs-uri=| )(?:http|ftp|tcp|https):\/\/([^\s\r\n]+) |