Snort
Use the IBM Security QRadar Custom Properties for Snort Content Extension to closely monitor your Snort OS deployment.
Important: To avoid content errors in this content extension, keep the associated DSMs up to date. DSMs are updated as a part of the automatic updates. If automatic updates are not enabled, download the most recent version of the associated DSMs from IBM® Fix Central (https://www.ibm.com/support/fixcentral).
IBM Security QRadar Custom Properties for Snort Content Extension 1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Snort Content Extension 1.0.0.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Classification | No | 1 | `Classification:\s(.*?)\]` |
Impact | Yes | 1 | `Impact:\s(.*?)\]` |
Priority | No | 1 | `Priority:\s(\d+)` |
Rule ID | No | 1 | `\[\d+:(\d+)` |
Rule Name | Yes | 1 | `\]\s(.*?)\s\[`<br>`\[\d+.\d+.\d+.\d+\]\s(.*?)\s\[` |
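To check what these expressions extract before relying on the properties in searches or rules, the following added example (not IBM's code) applies them to two constructed Snort syslog payloads. It assumes Python's `re` module stands in for QRadar's regex engine and that the Rule Name cell holds two alternative expressions tried in the order listed.

```python
import re

# Expressions copied from the table above; capture group 1 in every case.
# Assumption: the Rule Name cell holds two alternatives, tried in listed order.
PROPERTIES = {
    "Classification": [r"Classification:\s(.*?)\]"],
    "Impact": [r"Impact:\s(.*?)\]"],
    "Priority": [r"Priority:\s(\d+)"],
    "Rule ID": [r"\[\d+:(\d+)"],
    "Rule Name": [r"\]\s(.*?)\s\[", r"\[\d+.\d+.\d+.\d+\]\s(.*?)\s\["],
}
CAPTURE_GROUP = 1

# Constructed sample payloads (documentation addresses, not real events).
SAMPLE_ALERT = (
    "<33>Jan 10 12:00:00 sensor01 snort[2211]: [1:2003:8] "
    "MS-SQL Worm propagation attempt [Classification: Misc Attack] "
    "[Priority: 2]: {UDP} 192.0.2.10:4096 -> 198.51.100.20:1434"
)
SAMPLE_IMPACT = (
    "<33>Jan 10 12:00:05 sensor01 snort[2211]: [1:469:3] ICMP PING NMAP "
    "[Impact: Potentially Vulnerable] "
    "[Classification: Attempted Information Leak] [Priority: 2]: "
    "{ICMP} 192.0.2.10 -> 198.51.100.20"
)

def extract(payload):
    """Return {property name: captured value, or None if nothing matched}."""
    result = {}
    for name, patterns in PROPERTIES.items():
        result[name] = None
        for pattern in patterns:
            match = re.search(pattern, payload)
            if match:
                result[name] = match.group(CAPTURE_GROUP)
                break
    return result

def missing(payload):
    """Names of properties that would be empty for this payload."""
    return sorted(n for n, v in extract(payload).items() if v is None)

if __name__ == "__main__":
    for sample in (SAMPLE_ALERT, SAMPLE_IMPACT):
        print(extract(sample), "missing:", missing(sample))
```

Impact is empty for the first payload because the constructed line carries no `Impact:` field, so a search that filters on Impact would not return that event.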