Microsoft IAS
Use the IBM Security QRadar Custom Properties for Microsoft IAS to closely monitor your Microsoft IAS deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Authentication Type | No | 1 | Authentication-Type=(\d+) |
| Classification | No | 1 | Class=(\d+) |
| Distinguished Name | No | 1 | Fully-Qualifed-User-Name=(.*?)\t |
| Machine ID | Yes | 1 | Computer-Name=(.*?)\t |
| Packet Type | No | 1 | Packet-Type=(\d+) |
| Policy Name | Yes | 1 | Proxy-Policy-Name=(.*?)\t |
| Reason | Yes | 1 | Reason-Code=(\d+) |
| SAM Account Name | No | 1 | SAM-Account-Name=(.*?)\t |
| Session ID | No | 1 | Acct-Session-Id=(.*?)\t |
| Subsystem name | Yes | 1 | Client-Friendly-Name=(.*?)\t |