Akamai Kona
Use the IBM Security QRadar Custom Properties for Akamai Kona Content Extension to closely monitor your Akamai Kona deployment.
IBM Security QRadar Custom Properties for Akamai Kona Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Akamai Kona Content Extension 1.0.0.
Name | Optimized | Capture Group | Expression |
---|---|---|---|
Action | Yes | 1 | /"attackData"/"ruleActions" |
Bytes | No | 1 | /"httpMessage"/"bytes" |
Content Type | No | 1 | Content-Type:\s(.*?)\\ |
Hostname | Yes | 1 | Server:\s(.*?)\\ |
Method | No | 1 | /"httpMessage"/"method" |
Referer URL | Yes | 1 | Referer:\s(.*?)\\ |
Region | Yes | 1 | country":"(.*?)" |
Response Code | No | 1 | /"httpMessage"/"status" |
Rule Details | Yes | 1 | /"attackData"/"ruleData" |
Rule ID | Yes | 1 | /"attackData"/"policyId" |
Rule Name | Yes | 1 | /"attackData"/"rules" |
URL Path | No | 1 | /"httpMessage"/"path" |
URL Query String | No | 1 | /"httpMessage"/"query" |
UrlHost | Yes | 1 | /"httpMessage"/"host" |
User Agent | No | 1 | User-Agent:\s(.*?)\\ |