Microsoft IAS

Use the IBM Security QRadar Custom Properties for Microsoft IAS to closely monitor your Microsoft IAS deployment.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as part of automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0

| Name | Optimized | Capture Group | Regex |
|------|-----------|---------------|-------|
| Authentication Type | No | 1 | `Authentication-Type=(\d+)` |
| Classification | No | 1 | `Class=(\d+)` |
| Distinguished Name | No | 1 | `Fully-Qualifed-User-Name=(.*?)\t` |
| Machine ID | Yes | 1 | `Computer-Name=(.*?)\t` |
| Packet Type | No | 1 | `Packet-Type=(\d+)` |
| Policy Name | Yes | 1 | `Proxy-Policy-Name=(.*?)\t` |
| Reason | Yes | 1 | `Reason-Code=(\d+)` |
| SAM Account Name | No | 1 | `SAM-Account-Name=(.*?)\t` |
| Session ID | No | 1 | `Acct-Session-Id=(.*?)\t` |
| Subsystem name | Yes | 1 | `Client-Friendly-Name=(.*?)\t` |
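
The regexes in Table 1 applied to a constructed payload, as an added example that is not IBM's code. The tab-separated key=value sample and all its values are assumptions, and Python's re module stands in for the regex engine that QRadar uses. It shows that the patterns ending in `\t` return no value when the field is the last one in the payload and no tab follows it.

```python
import re

# Regexes copied from Table 1; capture group 1 is used in every case.
PROPERTIES = {
    "Authentication Type": r"Authentication-Type=(\d+)",
    "Classification": r"Class=(\d+)",
    "Distinguished Name": r"Fully-Qualifed-User-Name=(.*?)\t",
    "Machine ID": r"Computer-Name=(.*?)\t",
    "Packet Type": r"Packet-Type=(\d+)",
    "Policy Name": r"Proxy-Policy-Name=(.*?)\t",
    "Reason": r"Reason-Code=(\d+)",
    "SAM Account Name": r"SAM-Account-Name=(.*?)\t",
    "Session ID": r"Acct-Session-Id=(.*?)\t",
    "Subsystem name": r"Client-Friendly-Name=(.*?)\t",
}

def extract(payload):
    """Return {property name: captured value, or None if the regex misses}."""
    result = {}
    for name, pattern in PROPERTIES.items():
        match = re.search(pattern, payload)
        result[name] = match.group(1) if match else None
    return result

# Constructed sample fields (assumed layout and values, not a real IAS log).
FIELDS = [
    "Computer-Name=NPS01",
    "Packet-Type=1",
    "SAM-Account-Name=EXAMPLE\\jdoe",
    "Fully-Qualifed-User-Name=example.test/Users/jdoe",
    "Client-Friendly-Name=vpn-gw-1",
    "Proxy-Policy-Name=Use Windows authentication",
    "Authentication-Type=4",
    "Class=311",
    "Reason-Code=16",
    "Acct-Session-Id=A1B2C3",
]
SAMPLE = "\t".join(FIELDS)  # the last field has no trailing tab

if __name__ == "__main__":
    for label, payload in (("no trailing tab", SAMPLE), ("trailing tab", SAMPLE + "\t")):
        print(label)
        for name, value in extract(payload).items():
            print(f"  {name}: {value!r}")
```
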