Blue Coat

Use the IBM Security QRadar Custom Properties for Blue Coat to closely monitor your Blue Coat SG deployment.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Custom Properties for Blue Coat V2.0.4
IBM Security QRadar Custom Properties for Blue Coat V2.0.3
IBM Security QRadar Custom Properties for Blue Coat V2.0.2
IBM Security QRadar Custom Properties for Blue Coat V2.0.1
IBM Security QRadar Custom Properties for Blue Coat V2.0.0
IBM Security QRadar Custom Properties for Blue Coat V1.0.0

IBM Security QRadar Custom Properties for Blue Coat V2.0.4

The following table shows the updated custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.4.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.4
Name	Optimized	Renamed
Server Response Time	No	Yes
Bytes Received	No	Yes
URL Host	No	Yes
URL Referrer	No	Yes
Web Category	No	Yes
Method	No	Yes
User Agent	Yes	No

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V2.0.3

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.3.

Table 2. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.3
Name	Optimized	Capture Group	Regex
Server Response Time	Yes	1	`time-taken=(\d+)`

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V2.0.2

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.2.

Table 3. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.2
Name	Optimized	Capture Group	Regex
BytesReceived	Yes	1	sc-bytes=(\d+)

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V2.0.1

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.1.

Table 4. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.1
Name	Optimized	Capture Group	Regex
URL	Yes	1	cs-uri=(.*?:\/\/[^\s\r\n\\|]+)
URL Scheme	No	1	cs-uri-scheme=([^\\|]*?)\\|
UrlHost	Yes Yes	1 1	cs-host=(?:www\.)?([^\\|]*)\\| (?:http\|ftp\|tcp\|https)\s+(?:www\.)?([^\s]+)
URL Path	No	1	cs-uri-path=([^\\|]*?)\\|
URL Query String	No	1	cs-uri-query=([^\\|]*?)\\|
Referrer URL	No	1	cs\(Referer\)=([^\\|]*?)\\|
User Agent	No	1	cs\(User-Agent\)=([^\\|]*?)\\|
Content Type	No	1	rs\(Content-Type\)=([^\\|]*?)\\|
Filename	Yes	1	cs-uri-path=[^\\|]\/([^\\|]\.[^\\|]*)\\|
File Extension	Yes	1	cs-uri-extension=([^\\|]*?)\\|
BytesSent	Yes	1	cs-bytes=(\d+)
BytesReceived	No	1	sc-bytes=(\d+)
Web Category	Yes Yes	2 1	(OBSERVED\|DENIED)\s\"([^\"]+) category=([^\\|]+)

The following custom properties are removed in this release.

Bytes From Client
Bytes From Server

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V2.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.0.

Table 5. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.0
Name	Optimized	Capture Group	Regex
URL	Yes	2 1	(http\|ftp\|tcp\|https)\s+([^\s]+) (?:cs-uri=\| )(?:http\|ftp\|tcp\|https):\/\/([^\s\r\n\\|]+)
Method	No No	1 1	cs-method=(\w+) (GET\|POST\|CONNECT\|TUNNEL)\s
Bytes From Client	No	1	cs-bytes=(\d+)
Bytes From Server	No	1	sc-bytes=(\d+)
Web Category	No	2 1	(OBSERVED\|DENIED)\s\"([^\"]+) category=([^\\|]+)

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V1.0.0.

Table 6. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V1.0.0
Name	Optimized	Capture Group	Regex
URL	Yes	1	(?:cs-uri=\| )(?:http\|ftp\|tcp\|https):\/\/([^\s\r\n]+)

_{(Back to top)}