Blue Coat
Use the IBM® QRadar® Custom Properties for Blue Coat to closely monitor your Blue Coat SG deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as part of the automatic updates. If automatic updates are not enabled,
download the most recent version of the associated DSMs from IBM Fix Central
(https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Blue Coat V2.0.2
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.2.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
BytesReceived | Yes | 1 | sc-bytes=(\d+) |
IBM Security QRadar Custom Properties for Blue Coat V2.0.1
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 1 | cs-uri=(.*?:\/\/[^\s\r\n\|]+) |
URL Scheme | No | 1 | cs-uri-scheme=([^\|]*?)\| |
UrlHost | Yes Yes |
1 1 |
cs-host=(?:www\.)?([^\|]*)\| (?:http|ftp|tcp|https)\s+(?:www\.)?([^\s]+) |
URL Path | No | 1 | cs-uri-path=([^\|]*?)\| |
URL Query String | No | 1 | cs-uri-query=([^\|]*?)\| |
Referrer URL | No | 1 | cs\(Referer\)=([^\|]*?)\| |
User Agent | No | 1 | cs\(User-Agent\)=([^\|]*?)\| |
Content Type | No | 1 | rs\(Content-Type\)=([^\|]*?)\| |
Filename | Yes | 1 | cs-uri-path=[^\|]*\/([^\|]*\.[^\|]*)\| |
File Extension | Yes | 1 | cs-uri-extension=([^\|]*?)\| |
BytesSent | Yes | 1 | cs-bytes=(\d+) |
BytesReceived | No | 1 | sc-bytes=(\d+) |
Web Category | Yes Yes |
2 1 |
(OBSERVED|DENIED)\s\"([^\"]+) category=([^\|]+) |
The following custom properties are removed in this release.
- Bytes From Client
- Bytes From Server
IBM Security QRadar Custom Properties for Blue Coat V2.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 2 1 |
(http|ftp|tcp|https)\s+([^\s]+) (?:cs-uri=| )(?:http|ftp|tcp|https):\/\/([^\s\r\n\|]+) |
Method | No No |
1 1 |
cs-method=(\w+) (GET|POST|CONNECT|TUNNEL)\s |
Bytes From Client | No | 1 | cs-bytes=(\d+) |
Bytes From Server | No | 1 | sc-bytes=(\d+) |
Web Category | No | 2 1 |
(OBSERVED|DENIED)\s\"([^\"]+) category=([^\|]+) |
IBM Security QRadar Custom Properties for Blue Coat V1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V1.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 1 | (?:cs-uri=| )(?:http|ftp|tcp|https):\/\/([^\s\r\n]+) |