Box
Use the IBM Security QRadar Custom Properties for Box Content Extension to closely monitor Box activity on your network.
IBM Security QRadar Custom Properties for Box Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Box Content Extension 1.0.0.
Name | Optimized | Expression |
---|---|---|
Alert ID | No | /"additional_details"/"shield_alert"/"alert_id" |
Alert Severity | No | /"additional_details"/"shield_alert"/"priority" |
Event Type | No | "event_type":"((?!SHIELD_ALERT)\w*)" |
File Directory | Yes | "item_path":"([\w\d/]*)" |
File ID | Yes | "item_id":"(\d*)" |
File Size | No | /"additional_details"/"shield_alert"/"malware_info"/"file_size_bytes" |
Filename | Yes | "item_name":"([\w\.\d]*)" |
Region | Yes | "region_name":"([\w\s]*)" |
Risk Score | No | /"additional_details"/"shield_alert"/"risk_score" |
Rule Details | Yes | /"additional_details"/"shield_alert"/"alert_summary"/"description" |
Rule ID | No | /"additional_details"/"shield_alert"/"rule_id" |
Rule Name | Yes | /"additional_details"/"shield_alert"/"rule_name" |
Service Name | Yes | "service_name":"([\w\s]*)" |
Session ID | No | /"session_id" |
SHA1 Hash | Yes | /"additional_details"/"shield_alert"/"malware_info"/"file_hash" |
Threat Family | No | /"additional_details"/"shield_alert"/"malware_info"/"family" |
Threat Name | Yes | /"additional_details"/"shield_alert"/"malware_info"/"malware_name" |
User ID | Yes | /"additional_details"/"shield_alert"/"user"/"id" |
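
The following added example (not part of the IBM content extension) runs a subset of the expressions from the table against constructed sample payloads, so you can see which events populate each property before relying on it in a rule or search. It assumes ASCII-only `\w`/`\d` matching and uses a simplified keypath walk in place of QRadar's own JSON parser; the function names and payload values are hypothetical.

```python
import json
import re

# Regex expressions copied from the table; capture group 1 is the property value.
REGEX_PROPS = {
    "Event Type": r'"event_type":"((?!SHIELD_ALERT)\w*)"',
    "File Directory": r'"item_path":"([\w\d/]*)"',
    "File ID": r'"item_id":"(\d*)"',
    "Filename": r'"item_name":"([\w\.\d]*)"',
}
# JSON keypath expressions copied from the table.
JSON_PROPS = {
    "Alert ID": '/"additional_details"/"shield_alert"/"alert_id"',
    "Threat Name": '/"additional_details"/"shield_alert"/"malware_info"/"malware_name"',
    "Session ID": '/"session_id"',
}

def extract(payload):
    """Return {property name: extracted value or None} for one raw JSON payload."""
    out = {}
    for name, pattern in REGEX_PROPS.items():
        # re.ASCII keeps \w and \d ASCII-only (assumed to match the SIEM's regex engine).
        m = re.search(pattern, payload, re.ASCII)
        out[name] = m.group(1) if m else None
    doc = json.loads(payload)
    for name, path in JSON_PROPS.items():
        node = doc
        for key in re.findall(r'"([^"]+)"', path):  # simplified keypath walk
            node = node.get(key) if isinstance(node, dict) else None
        out[name] = node
    return out

def compact(event):
    """Serialize without whitespace, the form the regex expressions expect."""
    return json.dumps(event, separators=(",", ":"))

# Constructed sample payloads (not real Box events).
UPLOAD = compact({"event_type": "UPLOAD", "session_id": "s-1", "item_id": "1001",
                  "item_name": "report.pdf", "item_path": "/Finance/Q1"})
SPACED = compact({"event_type": "UPLOAD", "session_id": "s-2", "item_id": "1002",
                  "item_name": "Q1 report-final.pdf", "item_path": "/All Files/Finance"})
ALERT = compact({"event_type": "SHIELD_ALERT", "session_id": "s-3",
                 "additional_details": {"shield_alert": {"alert_id": "a-77",
                     "malware_info": {"malware_name": "Constructed.Sample"}}}})

if __name__ == "__main__":
    for label, payload in (("upload", UPLOAD), ("spaced", SPACED), ("alert", ALERT)):
        print(label, extract(payload))
```

In the `SPACED` payload, Filename and File Directory come back empty rather than truncated: the character classes exclude spaces and hyphens, and each expression also requires the closing quote. The `ALERT` payload yields no Event Type because of the negative lookahead, while the keypath properties populate.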