Microsoft IAS
Use the IBM Security QRadar Custom Properties for Microsoft IAS to closely monitor your Microsoft IAS deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Authentication Type | No | 1 | Authentication-Type=(\d+) |
Classification | No | 1 | Class=(\d+) |
Distinguished Name | No | 1 | Fully-Qualifed-User-Name=(.*?)\t |
Machine ID | Yes | 1 | Computer-Name=(.*?)\t |
Packet Type | No | 1 | Packet-Type=(\d+) |
Policy Name | Yes | 1 | Proxy-Policy-Name=(.*?)\t |
Reason | Yes | 1 | Reason-Code=(\d+) |
SAM Account Name | No | 1 | SAM-Account-Name=(.*?)\t |
Session ID | No | 1 | Acct-Session-Id=(.*?)\t |
Subsystem name | Yes | 1 | Client-Friendly-Name=(.*?)\t |