Microsoft IAS
Use the IBM® QRadar® Custom Properties for Microsoft IAS to closely monitor your Microsoft IAS deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as part of the automatic updates. If automatic updates are not enabled,
download the most recent version of the associated DSMs from IBM Fix Central
(https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Microsoft IAS 1.0.0.
| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Authentication Type | No | 1 | Authentication-Type=(\d+) |
| Classification | No | 1 | Class=(\d+) |
| Distinguished Name | No | 1 | Fully-Qualifed-User-Name=(.*?)\t |
| Machine ID | Yes | 1 | Computer-Name=(.*?)\t |
| Packet Type | No | 1 | Packet-Type=(\d+) |
| Policy Name | Yes | 1 | Proxy-Policy-Name=(.*?)\t |
| Reason | Yes | 1 | Reason-Code=(\d+) |
| SAM Account Name | No | 1 | SAM-Account-Name=(.*?)\t |
| Session ID | No | 1 | Acct-Session-Id=(.*?)\t |
| Subsystem name | Yes | 1 | Client-Friendly-Name=(.*?)\t |