IBM Guardium
The IBM Security QRadar IBM Guardium Content Extension adds new custom properties.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar IBM Guardium Content Extension
IBM Security QRadar IBM Guardium Content Extension V1.0.3
The following table shows the custom properties that were updated in IBM Security QRadar IBM Guardium Content Extension V1.0.3.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Error Code | Yes | 1 | error=([^\|\s]+) |
IBM Security QRadar IBM Guardium Content Extension V1.0.2
The following table shows the custom properties that were updated in IBM Security QRadar IBM Guardium Content Extension V1.0.2.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Error Code | Yes | 1 | error=([^\|]+) |
IBM Security QRadar IBM Guardium Content Extension V1.0.1
The following table shows the custom properties in the IBM Guardium Content Extension V1.0.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Database Name | Yes | 1 | (?:DB_NAME|DBName)=([^\|]+) |
Database Username | No | 1 | dbUser=([^\|]+) |
Error Code | No | 1 | error=([^\|]+) |
Policy Category | No | 1 | category=([^\|]+) |
Policy Classification | No | 1 | classification=([^\|]+) |
Policy ID | No | 1 | ruleID=([^\|]+) |
Policy Name | Yes | 1 | LEEF:[0-9\.]+\|IBM\|Guardium\|[^\|]+\|([^\|]+) |
Policy Violation ID | No | 1 | violationID=([^\|]+) |
Server Type | No | 1 | serverType=([^\|]+) |
Source Program | No | 1 | sourceProgram=([^\|]+) |
SQL Command | No | 1 | sql=([^\|]+) |