ObserveIT
Use the IBM Security QRadar ObserveIT Content Extension to closely monitor your ObserveIT deployment.
Note: The custom property IDs for Alert ID and Alert Severity are updated in V1.0.1. If you have V1.0.0 of this extension installed, delete the Alert ID and Alert Severity custom properties before you upgrade to the latest version.
Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).

IBM Security QRadar ObserveIT Content Extension V1.0.1

The following table shows the custom properties that are new or updated in IBM Security QRadar ObserveIT Content Extension V1.0.1.

Name | Optimized | Regex |
---|---|---|
Process Name | Yes | ProcessName: "([^"]*)" |

IBM Security QRadar ObserveIT Content Extension V1.0.0

The following table shows the custom properties that are new or updated in IBM Security QRadar ObserveIT Content Extension V1.0.0.

Name | Regex |
---|---|
Alert ID | AlertID: "([^"]*)" |
Alert Rule Name | RuleName: "([^"]*)" |
Alert Severity | Severity: "([^"]*)" |
Alert Sql DB Name | SqlDBName: "([^"]*)" |
Alert Sql User Name | SqlUserName: "([^"]*)" |
Alert Time | AlertTime: "([^"]*)" |
Application Name | ApplicationName: "([^"]*)" |
Client Name | ClientName: "([^"]*)" |
Command | Command: "([^"]*)" |
Domain | DomainName: "([^"]*)" |
OS | OS: "([^"]*)" |
Process Name | ProcessName: "([^"]*)" |
Screenshot ID | ScreenshotID: "([^"]*)" |
Server Name | ServerName: "([^"]*)" |
Session End Date | SessionLastActivityDate: "([^"]*)" |
Session ID | SessionID: "([^"]*)" |
Session Start Date | SessionDate: "([^"]*)" |
User Authentication | UserAuthentication: "([^"]*)" |
User Name | UserName: "([^"]*)" |
Video URL | VideoURL: "([^"]*)" |
Video URL Alert | VideoURL: "([^"]*)" |
Video URL Session | VideoURL: "([^"]*)" |
Window Title | WindowTitle: "([^"]*)" |