Blue Coat

Use the IBM® QRadar® Custom Properties for Blue Coat to closely monitor your Blue Coat SG deployment.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Custom Properties for Blue Coat V2.0.2
IBM Security QRadar Custom Properties for Blue Coat V2.0.1
IBM Security QRadar Custom Properties for Blue Coat V2.0.0
IBM Security QRadar Custom Properties for Blue Coat V1.0.0

IBM Security QRadar Custom Properties for Blue Coat V2.0.2

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.2.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.2
Name	Optimized	Capture Group	Regex
BytesReceived	Yes	1	sc-bytes=(\d+)

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V2.0.1

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.1.

Table 2. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.1
Name	Optimized	Capture Group	Regex
URL	Yes	1	cs-uri=(.*?:\/\/[^\s\r\n\\|]+)
URL Scheme	No	1	cs-uri-scheme=([^\\|]*?)\\|
UrlHost	Yes Yes	1 1	cs-host=(?:www\.)?([^\\|]*)\\| (?:http\|ftp\|tcp\|https)\s+(?:www\.)?([^\s]+)
URL Path	No	1	cs-uri-path=([^\\|]*?)\\|
URL Query String	No	1	cs-uri-query=([^\\|]*?)\\|
Referrer URL	No	1	cs\(Referer\)=([^\\|]*?)\\|
User Agent	No	1	cs\(User-Agent\)=([^\\|]*?)\\|
Content Type	No	1	rs\(Content-Type\)=([^\\|]*?)\\|
Filename	Yes	1	cs-uri-path=[^\\|]\/([^\\|]\.[^\\|]*)\\|
File Extension	Yes	1	cs-uri-extension=([^\\|]*?)\\|
BytesSent	Yes	1	cs-bytes=(\d+)
BytesReceived	No	1	sc-bytes=(\d+)
Web Category	Yes Yes	2 1	(OBSERVED\|DENIED)\s\"([^\"]+) category=([^\\|]+)

The following custom properties are removed in this release.

Bytes From Client
Bytes From Server

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V2.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.0.

Table 3. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V2.0.0
Name	Optimized	Capture Group	Regex
URL	Yes	2 1	(http\|ftp\|tcp\|https)\s+([^\s]+) (?:cs-uri=\| )(?:http\|ftp\|tcp\|https):\/\/([^\s\r\n\\|]+)
Method	No No	1 1	cs-method=(\w+) (GET\|POST\|CONNECT\|TUNNEL)\s
Bytes From Client	No	1	cs-bytes=(\d+)
Bytes From Server	No	1	sc-bytes=(\d+)
Web Category	No	2 1	(OBSERVED\|DENIED)\s\"([^\"]+) category=([^\\|]+)

_{(Back to top)}

IBM Security QRadar Custom Properties for Blue Coat V1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Blue Coat V1.0.0.

Table 4. Custom Properties in IBM Security QRadar Custom Properties for Blue Coat V1.0.0
Name	Optimized	Capture Group	Regex
URL	Yes	1	(?:cs-uri=\| )(?:http\|ftp\|tcp\|https):\/\/([^\s\r\n]+)

_{(Back to top)}