Performance optimization

The performance improvements in QRadar® 7.4.0 include enhanced parsing support for name value pairs and generic list events, the ability to remove reference data when you uninstall a content extension, a faster way to export content from the DSM Editor, and updates to flow records.

Enhanced parsing support for XML events in the DSM Editor

In the DSM Editor, you can now parse both standard and custom properties from events in XML format without writing regular expressions (regex). When you enable Property autodiscovery for log source types that consume XML events, all available fields are parsed as custom properties. With these new capabilities, administrators and users who have permission to create custom properties can quickly and easily parse these events.

Use the DSM Editor to create a custom log source type to handle XML events in IBM® QRadar. Add custom properties to help parse an existing log source type. Use simple XML expressions instead of regex to define how to parse custom properties. The DSM Editor automatically provides expressions for system properties based on their predefined keys in the XML specification.

Turn on XML property autodiscovery to discover custom properties for all XML fields in any events that are received for the log source type. Use XML expressions in the Custom Event Property Editor and when you manually create log source extensions.
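The difference between regex extraction and path-based extraction, and what field autodiscovery amounts to, shown as an added illustration that is not QRadar code. It uses Python's ElementTree path subset rather than QRadar's XML expression syntax, and the sample events and function names are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample events: identical data, different attribute order and whitespace.
EVENT_A = ('<Event><System><EventID>4625</EventID><Computer>host1</Computer></System>'
           '<Data Name="user" Type="str">alice</Data></Event>')
EVENT_B = '''<Event>
  <System><EventID>4625</EventID><Computer>host1</Computer></System>
  <Data Type="str" Name="user">alice</Data>
</Event>'''

# Regex written against the exact byte layout of EVENT_A.
USER_RE = re.compile(r'<Data Name="user" Type="str">([^<]*)</Data>')

def parse_event(raw):
    # Log events have no reason to carry a DTD; refuse it to avoid entity expansion.
    if "<!DOCTYPE" in raw or "<!ENTITY" in raw:
        raise ValueError("DTD not allowed in event payload")
    return ET.fromstring(raw)

def regex_user(raw):
    m = USER_RE.search(raw)
    return m.group(1) if m else None

def path_user(raw):
    # Path expression selects by structure, so attribute order is irrelevant.
    node = parse_event(raw).find("./Data[@Name='user']")
    return node.text if node is not None else None

def discover(raw):
    """Autodiscovery sketch: map every leaf element and attribute to a path."""
    found = {}
    def walk(elem, path):
        for key, value in elem.attrib.items():
            found[f"{path}/@{key}"] = value
        if len(elem) == 0 and elem.text and elem.text.strip():
            found[path] = elem.text.strip()
        totals, seen = Counter(c.tag for c in elem), Counter()
        for child in elem:
            seen[child.tag] += 1
            # Index repeated sibling tags so their paths do not collide.
            idx = f"[{seen[child.tag]}]" if totals[child.tag] > 1 else ""
            walk(child, f"{path}/{child.tag}{idx}")
    root = parse_event(raw)
    walk(root, "/" + root.tag)
    return found
```

The regex silently returns nothing for `EVENT_B`, which in a SIEM means an unparsed property rather than an error, while the path lookup returns the same value for both events.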

The following figure shows where you parse XML events in the DSM Editor.

Figure 1. XML structured data type

Learn more about enhanced parsing support for XML events...

DSM Parameter support in the DSM Editor

In QRadar 7.4.0, if your log source type has DSM parameters, you can use the DSM Editor to configure the DSM parameters. Enable the Display DSM Parameters Configuration option to view and edit the DSM parameters.

DSM Parameters Configuration

Learn more about configuring DSM parameters in the DSM Editor...

Additional standard fields for events

View additional details about your events. These details provide increased visibility into how events are internally processed by QRadar.

Learn more about event details...