Postfix
Use the IBM Security QRadar Custom Properties for Postfix to closely monitor your Custom Properties for Postfix deployment. The Postfix custom event properties expand your QRadar searches and reports by normalizing specific event data from a log source.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Postfix
IBM Security QRadar Custom Properties for Postfix V1.0.2
The following table shows the updated custom property in IBM Security QRadar Custom Properties for Postfix V1.0.2.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Subject | Yes | 1 | Subject:\s(.*?)\sfrom\s* |
IBM Security QRadar Custom Properties for Postfix V1.0.1
The following table shows the new and updated custom properties in IBM Security QRadar Custom Properties for Postfix V1.0.1.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Number of Recipients | Yes | 1 | nrcpt=(\d+) |
| Originating Host | Yes | 1 | from=[^>@\s]*@([^>\s]*) from=<[^>@\s]*@([^>\s]*)> |
| Originating_User | Yes | 1 | from=<([^>\s]*)> from=<(\S+)> |
IBM Security QRadar Custom Properties for Postfix V1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Postfix V1.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| File Extension | Yes | 1 | filename="[^"]*\.([^"]*) |
| Filename | Yes | 1 | filename="([^"]*) |
| Message Size | Yes | 1 | size=(\d*) |
| MessageID | Yes | 1 | \[\d*]:\s([^:\s]*) |
| Originating Host | Yes | 1 | from=<[^>@\s]*@([^>\s]*)> |
| Originating_User | Yes | 1 | from=<([^>\s]*)> |
| Recipient Host | Yes | 1 | to=<[^>@\s]*@([^>\s]*)> |
| Recipient_User | Yes | 1 | to=<([^>\s]*)> |
| Subject | Yes | 1 | Subject:\s(.*)\sfrom\s |