Forcepoint

Use the IBM Security QRadar Custom Properties for Forcepoint Content Extension to closely monitor your Forcepoint deployment.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Custom Properties for Forcepoint Content Extension 1.0.0

The following table shows the custom properties in IBM Security QRadar Custom Properties for Forcepoint Content Extension 1.0.0.

Table 1. Custom Properties in IBM Security QRadar Custom Properties for Forcepoint Content Extension 1.0.0
Name                 Optimized  Capture Group  Regex
Alert Severity       No         1              severity=([^|]+)
BytesReceived        Yes        1              dstBytes=([^\t]+)
BytesSent            Yes        1              srcBytes=([^\t]+)
Category Number      No         1              cat=([^\t]+)
Channel              Yes        1              channel=([^|]+)
Content Type         No         1              contentType=([^\t]+)
Destination of Risk  No         1              destinations=([^|]+)
Disposition          No         1              disposition=([^\t]+)
Incident Detail      No         1              detaills=([^|]+)
Log Record Source    No         1              logRecordSource=([^\t]+)
Login ID             No         1              loginID=([^\t]+)
Method               No         1              method=([^\t]+)
Policy Name          Yes        1              policy=([^\t]+)
                                               policies=([^|]+)
Proxy Status Code    No         1              proxyStatus-code=([^\t]+)
Reason               Yes        1              reason=([^\t]+)
Role                 Yes        1              role=([^\t]+)
Server Status Code   No         1              serverStatus-code=([^\t]+)
Source of Risk       No         1              source=([^|]+)
URL                  Yes        1              url=([^\s]+)