IBM Cloud
Use the IBM Security QRadar Custom Properties for IBM Cloud® to closely monitor your IBM Cloud deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for IBM Cloud 1.1.1
The following table shows the custom properties that are updated in IBM Security QRadar Custom Properties for IBM Cloud 1.1.1.
| Name | Details |
|---|---|
| Originating Host | Updated property type to string. |
| ProcessID | Property is now optimized. |
| Region | Updated property description. |
IBM Security QRadar Custom Properties for IBM Cloud 1.1.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for IBM Cloud 1.1.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Account Name | Yes | 1 | typeURI".*?"name":"(.*?)" |
| AccountID | No | 1 | id":"(.*?)" account_id":"(.*?)" |
| Data Accessed | Yes | 1 | data":\{".*?":"(.*?)" |
| Destination Host Name | Yes | 1 | target":"(.*?)" |
| Filename | Yes | 1 | file":"?.*/(.*?)" file":"(.*?)" |
| Hostname | Yes | 1 | host":"(.*?)" |
| Machine ID | Yes | 1 | instance:(.*?)" |
| Message | No | 1 | message":"(.*?)" message":"(.*?)","log_level |
| Method | No | 1 | method":"(.*?)" |
| Originating Host | Yes | 1 | o_host.*?address":"(.*?)" |
| Process Guid | No | 1 | process_guid":"(.*?)" |
| Process Id | No | 1 | process_id":(\d+) process":"(.*?)" |
| Region | Yes | 1 | audit-log:(.*?): Context region":"(.*?)" |
| Request URI | Yes | 1 | o_target".*?typeURI":"(.*?)" |
| Response Code | No | 1 | reasonCode":(\d+) status":(\d+) |
| Service Name | Yes | 1 | instance_name":"(.*?)" |
| Source Host Name | Yes | 1 | source":"(.*?)" |
| Transaction ID | No | 1 | X-Global-Transaction-Id":"(.*?)" transactionId":"(.*?)" global-transaction-id":"(.*?)" |
| URL | Yes | 1 | url":"(.*?)" |
| User Agent | No | 1 | User-Agent":"(.*?)" agent":"(.*?)" |
| User ID | Yes | 1 | userAccountIds":\["(.*?)" |