Alias properties created for custom properties

During the upgrade to 7.4.3, and when you install content after the upgrade, alias properties are created for custom properties that don't conform to naming best practices.

The following table describes the default custom properties that were renamed and merged during the upgrade to QRadar® 7.4.3.

Table 1. Renamed and merged default custom properties
Old custom property name New custom property names
Access allowed Access Allowed
Access intent Access Intent
AccountDomain Account Domain
AccountID Account ID
AccountName Account Name
ACF2 rule key ACF2 Rule Key
Action_ Action
Alert Sql DB Name Alert SQL DB Name
Alert Sql User Name Alert SQL Username
Alert_Category Alert Category
Allowed cipher priority order Allowed Cipher Priority Order
Analyzer Host Name Analyzer Hostname
Application name Application Name
AVT-App-Category Application Category
AVT-App-Name Application Name
AVT-App-VolumeBytes Bytes
Avt-App-VolumePackets Packets
Browser info Browser Info
Bypass request Bypass Request
Bytes From Client Bytes Sent
Bytes From Server Bytes Received
BytesReceived Bytes Received
BytesSent Bytes Sent
CB Server Device Name
Changed by Changed By
ChangedAttributes Changed Attributes
CICS terminal id CICS Terminal ID
Completion code Completion Code
Completion status Completion Status
Computer Machine Identifier
Computer Name Machine Identifier
CPU_Usage CPU Usage
Criticality Rating Criticality Score
Current SQL id Current SQL ID
CurrentValue Current Value
Data set name Data Set Name
DD name Data Definition
Destination Host Name Destination Hostname
Detected Malware IDs Threat ID
Detection Engine Analyzer Type
Detection Engine Type Analyzer Type
Device OS OS Name
EventID Event ID
Executed Command Command
Execution Status Threat Execution Status
FIPS 140 compliance FIPS 140 Compliance
From value From Value
Function code Function Code
GroupID Group ID
Host status Host Status
ICF-Active ICF Active
ICF-Service ICF Service
Identity Context name Identity Context Name
Identity Context registry Identity Context Registry
Image Process Path
Image ID Process ID
ImageName Process Name
Infected Device Machine Identifier
InitiatedConnection Initiated Connection
Initiator User Name Initiator Username
InstanceID Instance ID
Jail Broken Device Device Name
JES line JES Line
JES remote terminal name JES Remote Terminal Name
Job name Job Name
Job number Job Number
Job tag Job Tag
LoadedImage Process Path
LoadedImageName Process Name
Log Source Hostname Device Name
Log string Log String
Login Type Logon Type
Machine ID Machine Identifier
Malware Threat Name
Malware Family Threat Family
Member name Member Name
MessageID Message ID
Name Full Name
NJE node name Node Name
NSM Policy Policy Name
Object name(s) Object Name
Object type(s) Object Type
ObjectName Object Name
ObjectType Object Type
Old data set name Old Data Set Name
Originating Host Sender Host
Originating_User Sender
OS OS Name
Packets From Client Packets Sent
Packets From Server Packets Received
Parent Process Guid Parent Process GUID
ParentCommandLine Parent Command
ParentImage Parent Process Path
ParentImageName Parent Process Name
Path File Path
Person name Full Name
Physical DASD box serial Physical DASD Box Serial
PipeName Pipe Name
Policy Policy Name
Port of entry Port of Entry
Process CommandLine Command
Process Guid Process GUID
Process Id Process ID
Program Application
PS Encoded Command Encoded Command
RACF authority used RACF Authority Used
RACF profile RACF Profile
ReceivedBytes Bytes Received
Recipient_User Recipients
Referrer URL URL Referrer
Reject_Code Reject Code
Resource sensitivity Resource Sensitivity
Role Role Name
Rulename Rule Name
RunLevel Run Level
SAP System (SID) SAP System
Sensitive groups Sensitive Groups
Sensitive user privileges Sensitive User Privileges
SentBytes Bytes Sent
Server Name Device Name
Service Service Name
ServiceFileName Service Filename
ShareName Share Name
SharePath Share Path
SignatureStatus Signature Status
SNA global network name SNA Global Network Name
SNA terminal name SNA Terminal Name
Source Host Name Source Hostname
Source of Log Device Name
Source of Risk Submitted By
Source OS OS Name
Source Process Process Name
SourceImage Source Process Path
StartAddress Start Address
StartFunction Start Function
StartModule Start Module
Step name Step Name
Submitted by Submitted By
Subsystem name Subsystem Name
Suspect_Content Suspect Content
SyscallID Syscall ID
System SMF id System SMF ID
Target Image Name Target Process Name
Target User Name Target Username
TargetImage Target Process Path
TargetProcessGuid Target Process GUID
TaskName Task Name
TLS Client Cert TLS Client Certificate
TLS encryption chaining mode TLS Encryption Chaining Mode
TLS encryption family TLS Encryption Family
TLS encryption key length TLS Encryption Key Length
TLS key exchange method TLS Key Exchange Method
TLS message digest TLS Message Digest
TLS or SSL protocol level TLS or SSL Protocol Level
TLS RFC level TLS RFC Level
Transaction code Transaction Code
Transaction name Transaction Name
UNIX access origin Access Origin
UNIX function Function
UNIX path name File Path
UrlHost URL Host
User Distinguished Name Distinguished Name
User Workstations Machine Identifier
UserAdded Target Username
UserType User Type
VirusName Threat Name
Volume serial Volume Serial
VPNsubject_CN VPN Subject CN
Watchlists Watchlists Content
WTO Message Message