Secure Access for Juniper Networks
Use the IBM Security QRadar Secure Access Custom Properties for Juniper Networks Content Extension to closely monitor your Juniper Networks deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs
up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not
enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Secure Access Custom Properties for Juniper Networks Content Extension V1.0.1
The owner for the Policy custom property was set to admin
.
IBM Security QRadar Secure Access Custom Properties for Juniper Networks Content Extension V1.0.0
The following table shows the custom properties in IBM Security QRadar Secure Access Custom Properties for Juniper Networks Content Extension V1.0.0.
Name | Regex |
---|---|
BytesReceived | \[\d+.\d+.\d+.\d+\](.*?)?\((.*?)?\)\[(.*?)?\] - Closed connection to (.*?) port \d+ after (\d+) seconds, with (\d+) bytes read (.*?)? and (\d+) bytes written |
BytesSent | \[\d+.\d+.\d+.\d+\](.*?)?\((.*?)?\)\[(.*?)?\] - Closed connection to (.*?) port \d+ after (\d+) seconds, with (\d+) bytes read (.*?)? and (\d+) bytes written |
Date_Time | (\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}:\d{2}) |
Duration_Seconds | duration=(\d+) \[\d+.\d+.\d+.\d+\](.*?)?\((.*?)?\)\[(.*?)?\] - Closed connection to (.*?) port \d+ after (\d+) seconds, with (\d+) bytes read (.*?)? and (\d+) bytes written |
Policy | \d+-\d+-\d+ \d+:\d+:\d+ - .*? - \[\d+.\d+.\d+.\d+\] .*?\(.*?\)\[.*?\] - (.*)? in
Role [pP]olicy '(.*?)' |
Realm | Realm (.*?)[:,] realm=(['"])(.*?)\1 \((.*) realm\) \[\d+.\d+.\d+.\d+\].*\((.*)?\) |
Resource | \[\d+.\d+.\d+.\d+\] .*\([.*]?.*?\)\[.*?\] - Resources in Policy '.*?' is modified from \[(.*?)\] to \[(.*)\] |
Role | \[\d+.\d+.\d+.\d+\] .*\([.*]?.*?\)\[(.*?)\] [rR]ole[s]?[= ](['"])(.*?)\1 |
URL | \(URL=(.*?)\) |