Check Point
The IBM Security QRadar Check Point Custom Properties content extension adds new custom event properties for Check Point.
IBM Security QRadar Check Point Content Extensions
IBM Security QRadar Check Point Content Extension V1.1.0
The following table shows the custom properties that are new or updated in IBM Security QRadar Check Point Content Extension V1.1.0.
Name | Optimized | Capture Group | LEEF expression |
---|---|---|---|
Bytes | No | 1 | bytes |
BytesReceived | Yes | 1 | dstBytes |
BytesSent | Yes | 1 | srcBytes |
CVE ID | Yes | 1 | cve |
Destination Host Name | Yes | 1 | dst_machine_name |
Message | No | 1 | attack_info |
Policy Name | Yes | 1 | policyName |
Product | Yes | 1 | product |
Rule ID | No | 1 | rule_uid app_rule_id |
Rule Name | Yes | 1 | rule_name app_rule_name |
Source Host Name | Yes | 1 | src_machine_name |
Source OS | No | 1 | source_os |
URL | Yes | 1 | url |
Violation Signatures | No | 1 | signature |
IBM Security QRadar Check Point Content Extension V1.0.2
The Product custom property was assigned a new ID. Delete any existing Product custom properties before you upgrade to V1.0.2.
The following table shows the custom properties that were updated in IBM Security QRadar Check Point Content Extension V1.0.2.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
CVE ID | Yes | 1 | Industry Reference:\s(\S+); |
Policy Name | Yes | 1 | policy_name=(\S+)]; |
Product | Yes | 1 | product\s*:\s*(.*?); |
Rule ID | No | 1 | rule_uid:\s*\{([\w-]+)\} |
Rule Name | Yes | 1 | rule_name:\s*(\S+); |
Source Host Name | Yes | 1 | src_machine_name:\s(\S+); |
Threat Family | No | 1 | malware_family:\s*(.*?); |
IBM Security QRadar Check Point Content Extension V1.0.1
The following table shows the custom properties that were updated in IBM Security QRadar Check Point Content Extension V1.0.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 1 | Destination DNS Hostname\s*:\s*(\S+);: resource:\s*(\S+); |
IBM Security QRadar Check Point Content Extension V1.0.0
The following table shows the custom properties that were updated in IBM Security QRadar Check Point Content Extension V1.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Product | No | 1 | product\s*:\s*(.*);\s+src |
Source OS | No | 1 | Source OS\s*:\s*(\S+); |
URL | No | 1 | Destination DNS Hostname\s*:\s*(\S+);: resource:\s*(\S+); |
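As an added example (not part of IBM's documentation or the content extension itself), the V1.0.2 regexes from the table above are applied to a constructed Check Point event in Python, next to the V1.0.0 Product pattern, to show why the greedy `(.*);\s+src` was replaced by the non-greedy `(.*?);`. The sample event and every value in it are made up, and the code assumes Python's `re` module behaves like QRadar's regex engine for these patterns.

```python
import re

# Regexes copied from the V1.0.2 table (capture group 1 in every case).
V1_0_2 = {
    "CVE ID": r"Industry Reference:\s(\S+);",
    "Policy Name": r"policy_name=(\S+)];",
    "Product": r"product\s*:\s*(.*?);",
    "Rule ID": r"rule_uid:\s*\{([\w-]+)\}",
    "Rule Name": r"rule_name:\s*(\S+);",
    "Source Host Name": r"src_machine_name:\s(\S+);",
    "Threat Family": r"malware_family:\s*(.*?);",
}

# The Product regex as it was in the V1.0.0 table.
V1_0_0_PRODUCT = r"product\s*:\s*(.*);\s+src"

# Constructed sample event in the "key: value;" layout the regexes expect.
# All values, including the CVE number, are placeholders, not real data.
SAMPLE = (
    "product: Threat Emulation; malware_family: Example.Family; "
    "rule_name: Block-Malware; src_machine_name: ws-042; "
    "Industry Reference: CVE-0000-00000; rule_uid: {a1b2c3d4-e5f6}; "
    "policy_name=Standard]; Source OS: Windows;"
)


def extract(properties, event):
    """Apply each custom-property regex to one event and return capture
    group 1 per property, or None when the pattern does not match (QRadar
    then leaves the property empty)."""
    result = {}
    for name, pattern in properties.items():
        m = re.search(pattern, event)
        result[name] = m.group(1) if m else None
    return result


def product_v1_0_0(event):
    """Capture Product with the V1.0.0 regex. The greedy (.*) backtracks to
    the last '; src' in the event, so everything between the product name
    and src_machine_name ends up inside the captured value."""
    m = re.search(V1_0_0_PRODUCT, event)
    return m.group(1) if m else None


if __name__ == "__main__":
    for name, value in extract(V1_0_2, SAMPLE).items():
        print(f"{name}: {value!r}")
    print(f"Product (V1.0.0 regex): {product_v1_0_0(SAMPLE)!r}")
```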