Resource Access Control Facility (RACF)
The IBM Security QRadar RACF® Custom Properties Content Extension adds new custom properties for RACF.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar RACF Custom Properties Content Extension V1.0.1
The following table shows the custom properties in IBM Security QRadar RACF Custom Properties Content Extension V1.0.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Access Intent | Yes | 1 | intent=([^\t]+) |
IBM Security QRadar RACF Custom Properties Content Extension V1.0.0
The following table shows the custom properties in IBM Security QRadar RACF Custom Properties Content Extension V1.0.0.
Name | Regex |
---|---|
Authenticator | authenticator=([^\t]+) |
Access allowed | allow=([^\t]+) |
Access intent | intent=([^\t]+) |
Application name | appl=([^\t]+) |
Command | cmd=([^\t]+) |
Data set name | dsn=([^\t]+) |
Descriptor | desc=([^\t]+) |
Event summary | sum=([^\t]+) |
Identity context name | ICTXname=([^\t]+) |
Identity context registry | ICTXreg=([^\t]+) |
Job name | job=[^\t]{29}([^\t]{8}) |
Log string | logstr=([^\t]+) |
Person name | name=([^\t]+) |
Physical DASD box serial | box=([^\t]+) |
Port of entry | poe=([^\t]+) |
Private / owned data set | own=([^\t]+) |
RACF authority | auth=([^\t]+) |
RACF profile | prof=([^\t]+) |
Resource sensitivity | sens=([^\t]+) |
SAF class | class=([^\t]+) |
SAF resource name | res=([^\t]+) |
SNA terminal name | terminal=([^\t]+) |
Sensitive groups | usrGroups=([^\t]+ |
Sensitive user privileges | usrPriv=([^\t]+) |
Submitted by | submitby=([^\t]+) |
System SMF id | job=([^\t]{4}) |
System / job | job=([^\t]+) |
UNIX path name | path=([^\t]+) |
UNIX access origin | used=([^\t]+) |
UNIX function | function=([^\t]+) |
Volume serial | vol=([^\t]+) |