Microsoft Sharepoint
Use the IBM Security QRadar Microsoft Sharepoint Content Extension to closely monitor your Microsoft Sharepoint deployment.
IBM Security QRadar Microsoft Sharepoint Content Extension 1.0.1
Updated the content extension to allow it to be installed on earlier QRadar versions than 7.3.3. Fix Pack 3.
IBM Security QRadar Microsoft Sharepoint Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Microsoft Sharepoint Content Extension 1.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Administrator ID | Yes | 1 | label[=Administrator ID"\\]+value["\\=]+"(.*?)[\\]" |
Administrator Name | Yes | 1 | label[=Administrator Name"\\]+value["\\=]+"(.*?)[\\]" |
Audit Flags | Yes | 1 | label[=New Audit Policy"\\]+value["\\=]+"(.*?)[\\]" |
Content Information | No | 1 | label[=Object Title"\\]+value["\\=]+(.*?)\\[^\\] |
EventID | Yes | 1 | \/event\.aspx\?eventid=(\d+)[\\"] |
File Directory | Yes | 1 | label[=Object URL"\\]+value[\\"=]+(.*?)\/[^\/]*?[\\"]+\|name \"Object URL\\\"\svalue=\\"(n\/a|(?!n\/a).*?)[\\\/][^\/]*?[\\"]+\|name label[=Object URL"\\]+value[\\"\/=]+(.*?)\/[^\/]*?[\\"]+(?:name|) |
File Extension | Yes | 1 |
\"Object URL\\\"\svalue=\\"[^"]*?\.(n\/a|(?!n\/a)[^"\\]*) \"Object URL\\\"\svalue=\\"[^"]*?\.([^"\\]*) label[=Object URL"\\]+value["\\=]+"[^"]*?\.([^"\\]*) |
Filename | Yes | 1 | label[=Object URL"\\]+value["\\=]+.*?\/([^\/]*?)\\+ \"Object URL\\\"\svalue=\\\".*?(n\/a|(?!n\/a)[^\/]*?)\\+ |
Group Name | Yes | 1 | label[=Group Name\s"\\]+value["\\=]+(.*?)\\[^\\] |
GroupID | Yes | 1 | label[=Group ID\s"\\]+value[=\\"]+(\d+) |
ObjectType | Yes | 1 | label[=Object Type"\\]+value["\\=]+(.*?)\\[^\\] |
Parent Content Information | Yes | 1 | \"Parent Object Title\\\"\svalue=\\\"(.*?)\\[^\\] |
Parent File Directory | Yes | 1 | \"Parent Object URL\\\"\svalue=\\"(n\/a|(?!n\/a).*?)\/[^\/]*?[\\"]+\|name |
Parent File Extension | Yes | 1 | \"Parent Object URL\\\"\svalue=\\"[^"]*?\.(n\/a|(?!n\/a)[^"\\]*) |
Parent Filename | Yes | 1 | \"Parent Object URL\\\"\svalue=\\\".*?(n\/a|(?!n\/a)[^\/]*?)\\+ |
Parent Object Type | Yes | 1 | \"Parent Object Type\\\"\svalue=\\\"(.*?)\\[^\\] |
Role Name | Yes | 1 | label[=Permissions Role Name"\\]+value["\\=]+"(.*?)[\\]" |
Target User ID | Yes | 1 | label[=Member ID"\\]+value["\\=]+(\d+)[\\]" |
Target User Name | Yes | 1 | label[=Target Name"\\]+value["\\=]+"(.*?)[\\]" label[=Member Name"\\]+value["\\=]+"(.*?)[\\]" |
URL | Yes | 1 | label[=\sSite"\\]+value["\\=]+"(.*?)[\\]" |