NGINX

Use the IBM Security QRadar NGINX Content Extension to closely monitor your NGINX deployment.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar NGINX Content Extension 1.0.4

The following table shows the custom properties that were updated in IBM Security QRadar NGINX Content Extension 1.0.4.

Table 1. Custom Properties in IBM Security QRadar NGINX Content Extension 1.0.4
Old Property Name  New Property Name
BytesSent          Bytes Sent
Referrer URL       URL Referrer

IBM Security QRadar NGINX Content Extension 1.0.3

The following table shows the custom properties in IBM Security QRadar NGINX Content Extension 1.0.3.

Table 2. Custom Properties in IBM Security QRadar NGINX Content Extension 1.0.3
Name                  Optimized  Capture Group  LEEF or regex expressions
Server Response Time  Yes        1              upstream_response_time

IBM Security QRadar NGINX Content Extension 1.0.2

The following table shows the custom properties in IBM Security QRadar NGINX Content Extension 1.0.2.

Table 3. Custom Properties in IBM Security QRadar NGINX Content Extension 1.0.2
Name          Optimized  Capture Group  LEEF or regex expressions
Referrer URL  Yes        1              http_referer
URLHost       Yes        1              host:\s"(.*?)/

IBM Security QRadar NGINX Content Extension 1.0.1

The following table shows the custom properties in IBM Security QRadar NGINX Content Extension 1.0.1.

Table 4. Custom Properties in IBM Security QRadar NGINX Content Extension 1.0.1
Name          Optimized  Capture Group  LEEF expressions
Bytes Sent    Yes        1              body_bytes_sent
Referrer URL  No         1              http_referer
URL Path      No         1              uri_path
User Agent    No         1              http_user_agent

IBM Security QRadar NGINX Content Extension 1.0.0

The following table shows the custom properties in IBM Security QRadar NGINX Content Extension 1.0.0.

Table 5. Custom Properties in IBM Security QRadar NGINX Content Extension 1.0.0
Name              Optimized  Capture Group  Regex
Bytes Sent        Yes        1              body_bytes_sent=([\d|-]+)
Method            No         1              request=(GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE|OPTIONS|TRACE|PATCH)
                                            request:\s"(GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE|OPTIONS|TRACE|PATCH)
Referrer URL      No         1              referrer:\s"(.*?)"
                                            http_referer=(.*?)\t
Response Code     No         1              LEEF:[0-9\.]+\|NGINX\|NGINX\|[^\|]+\|([^\|]+)\|
URL Path          No         1              uri_path=(.*?)\t
URL Query String  No         1              request:\s"(?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE|OPTIONS|TRACE|PATCH)\s([^\;\s]+)
                                            request=(?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE|OPTIONS|TRACE|PATCH)\s([^\;\s]+)
UrlHost           Yes        1              host:\s"(.*?):
User Agent        No         1              http_user_agent=(.*?)\t
