Randori

The IBM Security QRadar Randori Custom Properties content extension adds new custom event properties for Randori.

IBM Security QRadar Custom Properties For Randori 1.0.2

The following table shows the new custom property in IBM Security QRadar® Custom Properties For Randori 1.0.2.

| Name | Optimized | Capture Group | Regex |
| --- | --- | --- | --- |
| Service Name | No | 1 | `/"name"` |

The following table shows the updated custom property in IBM Security QRadar Custom Properties For Randori 1.0.2.

| Name | Optimized | Capture Group | Regex |
| --- | --- | --- | --- |
| Hostname | Yes | JSON | `/"hostname"` |

IBM Security QRadar Custom Properties For Randori 1.0.1

The following table shows the new custom properties in IBM Security QRadar Custom Properties For Randori 1.0.1.

| Name | Optimized | Capture Group | Regex |
| --- | --- | --- | --- |
| Characteristic Tag | No | 1 | `"characteristic_tags":\[(.*?)\]` |
| User Tag | No | 1 | `"user_tags":\[(.*?)\]` |

IBM Security QRadar Custom Properties For Randori 1.0.0

The following table shows the new custom properties in IBM Security QRadar Custom Properties For Randori 1.0.0.

| Name | Optimized | Capture Group | Regex |
| --- | --- | --- | --- |
| Applicability | No | JSON | `/"applicability"` |
| Characteristic Count | No | JSON | `/"characteristics_count"` |
| Confidence Level | Yes | JSON | `/"confidence"` |
| Criticality Level | Yes | JSON | `/"criticality"` |
| Enumerability | No | JSON | `/"enumerability"` |
| Exploitability | No | JSON | `/"exploitability"` |
| Hostname | Yes | JSON | `/"name"` |
| Impact Level | Yes | JSON | `/"impact_score"` |
| Object ID | Yes | JSON | `/"id"` |
| Organization ID | No | JSON | `/"org_id"` |
| Post Exploit | No | JSON | `/"post_exploit"` |
| Priority | Yes | JSON | `/"priority_score"` |
| Private Weakness | No | JSON | `/"private_weakness"` |
| Public Weakness | No | JSON | `/"public_weakness"` |
| Relevance Level | Yes | JSON | `/"detection_relevance"` |
| Research | No | JSON | `/"research"` |
| Rule Details | Yes | JSON | `/"description"` |
| Rule Notes | No | JSON | `/"randori_notes"` |
| Service ID | No | JSON | `/"service_id"` |
| Status | Yes | JSON | `/"status"` |
| Tag | No | 1 | `"tags":\{(.*?)\}` |
| Target Confidence | No | JSON | `/"target_confidence"` |
| Target ID | Yes | JSON | `/"target_id"` |
| Target Number Detection | No | JSON | `/"target_num_detections"` |
| Temptation | Yes | JSON | `/"target_temptation"` |
| TLS or SSL protocol level | No | JSON | `/"protocol"` |
| Vendor | No | JSON | `/"vendor"` |