Palo Alto PA Series
Use the IBM Security QRadar Palo Alto PA Series Content Extension for Palo Alto PA Series Firewall.
IBM Security QRadar Palo Alto PA Series Content Extensions
- IBM Security QRadar Palo Alto PA Series Content Extension 1.1.1
- IBM Security QRadar Palo Alto PA Series Content Extension 1.1.0
- IBM Security QRadar Palo Alto PA Series Content Extension 1.0.2
- IBM Security QRadar Palo Alto PA Series Content Extension 1.0.1
- IBM Security QRadar Palo Alto PA Series Content Extension 1.0.0
IBM Security QRadar Palo Alto PA Series Content Extension 1.1.1
The following table shows the changed custom properties in IBM Security QRadar Palo Alto PA Series Content Extension 1.1.1.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| URL | Yes | 1 | The \|subtype=url\|.*?\|Miscellaneous="(.*?)(?:"|$) is now \|[sS]ubtype=url\|.*?\|Miscellaneous="(.*?)(?:"|$) |
Duplicated expressions IDs were updated to make them unique in the Rule Name and Web Category custom properties.
IBM Security QRadar Palo Alto PA Series Content Extension 1.1.0
The following table shows the changed custom properties in IBM Security QRadar Palo Alto PA Series Content Extension 1.1.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| BytesReceived | Yes | 1 | dstBytes=([^|]+) |
| BytesSent | Yes | 1 | srcBytes=([^|]+) |
| Device Name | No | 1 | DeviceName=([^|]+) |
| Packets Received | No | 1 | dstPackets=([^|]+) |
| Packets Sent | No | 1 | srcPackets=([^|]+) |
IBM Security QRadar Palo Alto PA Series Content Extension 1.0.2
All custom property descriptions were updated, and changes were made to allow custom properties to be translated.
The Object Category and Rulename custom properties were renamed and assigned new IDs. Object Category is now Web Category. Rulename is now Rule Name. Delete any existing Object Category and Rulename custom properties before you upgrade to 1.0.2.
The following table shows the changed custom properties in IBM Security QRadar Palo Alto PA Series Content Extension 1.0.2.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Application | Yes | 1 | Application=([^|]+) |
| Bytes | No | 1 | totalBytes=(\d+) |
| BytesReceived | Yes | 1 | BytesIn=([^|]+) |
| BytesSent | Yes | 1 | BytesOut=([^|]+) |
| Criticality Rating | No | 1 | sev=([^|]+) |
| Destination Zone | No | 1 | DestinationZone=([^|]+) |
| Elapsed Time | No | 1 | ElapsedTime=([^|]+) |
| Object type(s) | Yes | 1 | Subtype=([^|]+) |
| Packets | No | 1 | Packets=([^|]+) |
| Rule Name | Yes | 1 | RuleName=([^|]+) |
| Source Zone | No | 1 | SourceZone=([^|]+) |
| Web Category | Yes | 1 | URLCategory=([^|]+) |
IBM Security QRadar Palo Alto PA Series Content Extension 1.0.1
The following table shows the changed custom properties in IBM Security QRadar Palo Alto PA Series Content Extension 1.0.1.
| Name | Optimized |
|---|---|
| Application | No |
| BytesReceived | No |
| BytesSent | Yes |
| Filename | Yes |
| Object type(s) | Yes |
| URL | Yes |
IBM Security QRadar Palo Alto PA Series Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Palo Alto PA Series Content Extension 1.0.0.
| Name | Regex |
|---|---|
| Application | Application=([^|]+) |
| Bytes | Bytes=([^|]+) |
| Bytes Received | BytesIn=([^|]+) |
| Bytes Sent | BytesOut=([^|]+) |
| Content Type | ContentType=([^|]+) |
| Criticality Rating | sev=([^|]+) |
| Destination Zone | DestinationZone=([^|]+) |
| Elapsed Time | ElapsedTime=([^|]+) |
| Filename | Filename=([^|]+) |
| Object Category | URLCategory=([^|]+) |
| Object Name | \|Miscellaneous="(.*?)(?:"|$) |
| Object type(s) | Subtype=([^|]+) |
| Packets | Packets=([^|]+) |
| Rule Name | RuleName=([^|]+) |
| Source Zone | SourceZone=([^|]+) |
| URL | \|subtype=url\|.*?\|Miscellaneous="(.*?)(?:"|$) |