Alias properties created for custom properties
During the upgrade to 7.4.3, and when you install content after the upgrade, alias properties are created for custom properties that don't conform to naming best practices.
The following table describes the default custom properties that were renamed and merged during the upgrade to QRadar® 7.4.3.
Old custom property name | New custom property names |
---|---|
Access allowed | Access Allowed |
Access intent | Access Intent |
AccountDomain | Account Domain |
AccountID | Account ID |
AccountName | Account Name |
ACF2 rule key | ACF2 Rule Key |
Action_ | Action |
Alert Sql DB Name | Alert SQL DB Name |
Alert Sql User Name | Alert SQL Username |
Alert_Category | Alert Category |
Allowed cipher priority order | Allowed Cipher Priority Order |
Analyzer Host Name | Analyzer Hostname |
Application name | Application Name |
AVT-App-Category | Application Category |
AVT-App-Name | Application Name |
AVT-App-VolumeBytes | Bytes |
Avt-App-VolumePackets | Packets |
Browser info | Browser Info |
Bypass request | Bypass Request |
Bytes From Client | Bytes Sent |
Bytes From Server | Bytes Received |
BytesReceived | Bytes Received |
BytesSent | Bytes Sent |
CB Server | Device Name |
Changed by | Changed By |
ChangedAttributes | Changed Attributes |
CICS terminal id | CICS Terminal ID |
Completion code | Completion Code |
Completion status | Completion Status |
Computer | Machine Identifier |
Computer Name | Machine Identifier |
CPU_Usage | CPU Usage |
Criticality Rating | Criticality Score |
Current SQL id | Current SQL ID |
CurrentValue | Current Value |
Data set name | Data Set Name |
DD name | Data Definition |
Destination Host Name | Destination Hostname |
Detected Malware IDs | Threat ID |
Detection Engine | Analyzer Type |
Detection Engine Type | Analyzer Type |
Device OS | OS Name |
EventID | Event ID |
Executed Command | Command |
Execution Status | Threat Execution Status |
FIPS 140 compliance | FIPS 140 Compliance |
From value | From Value |
Function code | Function Code |
GroupID | Group ID |
Host status | Host Status |
ICF-Active | ICF Active |
ICF-Service | ICF Service |
Identity Context name | Identity Context Name |
Identity Context registry | Identity Context Registry |
Image | Process Path |
Image ID | Process ID |
ImageName | Process Name |
Infected Device | Machine Identifier |
InitiatedConnection | Initiated Connection |
Initiator User Name | Initiator Username |
InstanceID | Instance ID |
Jail Broken Device | Device Name |
JES line | JES Line |
JES remote terminal name | JES Remote Terminal Name |
Job name | Job Name |
Job number | Job Number |
Job tag | Job Tag |
LoadedImage | Process Path |
LoadedImageName | Process Name |
Log Source Hostname | Device Name |
Log string | Log String |
Login Type | Logon Type |
Machine ID | Machine Identifier |
Malware | Threat Name |
Malware Family | Threat Family |
Member name | Member Name |
MessageID | Message ID |
Name | Full Name |
NJE node name | Node Name |
NSM Policy | Policy Name |
Object name(s) | Object Name |
Object type(s) | Object Type |
ObjectName | Object Name |
ObjectType | Object Type |
Old data set name | Old Data Set Name |
Originating Host | Sender Host |
Originating_User | Sender |
OS | OS Name |
Packets From Client | Packets Sent |
Packets From Server | Packets Received |
Parent Process Guid | Parent Process GUID |
ParentCommandLine | Parent Command |
ParentImage | Parent Process Path |
ParentImageName | Parent Process Name |
Path | File Path |
Person name | Full Name |
Physical DASD box serial | Physical DASD Box Serial |
PipeName | Pipe Name |
Policy | Policy Name |
Port of entry | Port of Entry |
Process CommandLine | Command |
Process Guid | Process GUID |
Process Id | Process ID |
Program | Application |
PS Encoded Command | Encoded Command |
RACF authority used | RACF Authority Used |
RACF profile | RACF Profile |
ReceivedBytes Bytes | Received |
Recipient_User | Recipients |
Referrer URL | URL Referrer |
Reject_Code | Reject Code |
Resource sensitivity | Resource Sensitivity |
Role | Role Name |
Rulename | Rule Name |
RunLevel | Run Level |
SAP System (SID) | SAP System |
Sensitive groups | Sensitive Groups |
Sensitive user privileges | Sensitive User Privileges |
SentBytes | Bytes Sent |
Server Name | Device Name |
Service | Service Name |
ServiceFileName | Service Filename |
ShareName | Share Name |
SharePath | Share Path |
SignatureStatus | Signature Status |
SNA global network name | SNA Global Network Name |
SNA terminal name | SNA Terminal Name |
Source Host Name | Source Hostname |
Source of Log | Device Name |
Source of Risk | Submitted By |
Source OS | OS Name |
Source Process | Process Name |
SourceImage | Source Process Path |
StartAddress | Start Address |
StartFunction | Start Function |
StartModule | Start Module |
Step name | Step Name |
Submitted by | Submitted By |
Subsystem name | Subsystem Name |
Suspect_Content | Suspect Content |
SyscallID | Syscall ID |
System SMF id | System SMF ID |
Target Image Name | Target Process Name |
Target User Name | Target Username |
TargetImage | Target Process Path |
TargetProcessGuid | Target Process GUID |
TaskName | Task Name |
TLS Client Cert | TLS Client Certificate |
TLS encryption chaining mode | TLS Encryption Chaining Mode |
TLS encryption family | TLS Encryption Family |
TLS encryption key length | TLS Encryption Key Length |
TLS key exchange method | TLS Key Exchange Method |
TLS message digest | TLS Message Digest |
TLS or SSL protocol level | TLS or SSL Protocol Level |
TLS RFC level | TLS RFC Level |
Transaction code | Transaction Code |
Transaction name | Transaction Name |
UNIX access origin | Access Origin |
UNIX function | Function |
UNIX path name | File Path |
UrlHost | URL Host |
User Distinguished Name | Distinguished Name |
User Workstations | Machine Identifier |
UserAdded | Target Username |
UserType | User Type |
VirusName | Threat Name |
Volume serial | Volume Serial |
VPNsubject_CN | VPN Subject CN |
Watchlists | Watchlists Content |
WTO Message | Message |