Microsoft Exchange

The IBM Security QRadar Custom Properties for Microsoft Exchange content extension adds new custom event properties for Microsoft Exchange.

Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar Custom Properties for Microsoft Exchange

IBM Security QRadar Custom Properties for Microsoft Exchange V1.1.1

The following table shows the custom properties that were added or updated in IBM Security QRadar Microsoft Exchange V1.1.1.

Table 1. Custom Properties in IBM Security QRadar Microsoft Exchange V1.1.1
Name Optimized Capture Group Regex
Message Size Yes 1 bytes=(\d+)
Number of Recipients No 1 recipient-count=(\d+)
Subject Yes 1 message-subject=([^\t]+)

IBM Security QRadar Custom Properties for Microsoft Exchange V1.1.0

The following table shows the custom properties that were updated in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.1.0.

Table 2. Updated Custom Properties in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.1.0
Name Optimized Capture Group Regex
Originating_User Yes 1

sender-address=([^\t]+)

Recipient_User Yes 1 recipient-address=([^\t]+)
Subject Yes 1 message-subject=([^\t]+)
Table 3. New Custom Properties in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.1.0
Name Optimized Capture Group Regex
MessageID Yes 1

message-id=<(\S+)>

Message Size Yes 1 bytes=(\d+)
Originating Host Yes 1 sender-address=[^>@\s]*@([^>\s]*)
Recipient Host Yes 1 recipient-address=[^>@\s]*@([^>\s]*)

IBM Security QRadar Custom Properties for Microsoft Exchange V1.0.0

The following table shows the custom properties that were updated in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.0.0.

Table 4. Updated Custom Properties in IBM Security QRadar Custom Properties for Microsoft Exchange content extension V1.0.0
Name Regex
Originating_User sender-address=([^\t]+)
Recipient_User recipient-address=([^\t]+)
Subject message-subject=([^\t]+)