Microsoft Exchange
The IBM Security QRadar Custom Properties for Microsoft Exchange content extension adds new custom event properties for Microsoft Exchange.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Microsoft Exchange
IBM Security QRadar Custom Properties for Microsoft Exchange V1.1.1
The following table shows the custom properties that were added or updated in IBM Security QRadar Microsoft Exchange V1.1.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Message Size | Yes | 1 | bytes=(\d+) |
Number of Recipients | No | 1 | recipient-count=(\d+) |
Subject | Yes | 1 | message-subject=([^\t]+) |
IBM Security QRadar Custom Properties for Microsoft Exchange V1.1.0
The following table shows the custom properties that were updated in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.1.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Originating_User | Yes | 1 |
sender-address=([^\t]+) |
Recipient_User | Yes | 1 | recipient-address=([^\t]+) |
Subject | Yes | 1 | message-subject=([^\t]+) |
Name | Optimized | Capture Group | Regex |
---|---|---|---|
MessageID | Yes | 1 |
message-id=<(\S+)> |
Message Size | Yes | 1 | bytes=(\d+) |
Originating Host | Yes | 1 | sender-address=[^>@\s]*@([^>\s]*) |
Recipient Host | Yes | 1 | recipient-address=[^>@\s]*@([^>\s]*) |
IBM Security QRadar Custom Properties for Microsoft Exchange V1.0.0
The following table shows the custom properties that were updated in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.0.0.
Name | Regex |
---|---|
Originating_User | sender-address=([^\t]+) |
Recipient_User | recipient-address=([^\t]+) |
Subject | message-subject=([^\t]+) |