Squid
Use the IBM Security QRadar Custom Properties for Squid to closely monitor your Squid Web Proxy deployment.
IBM Security QRadar Custom Properties for Squid 1.0.4
The HTTP Status Code custom property is removed in IBM Security QRadar Custom Properties for Squid 1.0.4.
IBM Security QRadar Custom Properties for Squid 1.0.3
The following table shows the new custom properties in IBM Security QRadar Custom Properties for Squid 1.0.3.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Response Code | No | 1 | \/(\d{3})\s+ |
The HTTP Status Code custom property is deprecated. The new Response Code custom property can be used instead.
IBM Security QRadar Custom Properties for Squid V1.0.2
The following table shows the custom properties that are updated in IBM Security QRadar Custom Properties for Squid V1.0.2.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
BytesReceived | Yes | 1 | (\d+)\s(?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE) |
The URL custom property was given a new ID to avoid a conflict with custom properties that have the same name in other content extensions.
IBM Security QRadar Custom Properties for Squid V1.0.1
The following table shows the custom properties in IBM Security QRadar Custom Properties for Squid V1.0.1.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
URL | Yes | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s([^\;\s]+) |
URL Scheme | No | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s([^\;\s\/]*?):\/\/ |
UrlHost | Yes | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s(?:[^\;\s\/]*?:\/\/)?(?:www\.)?([^\s\;\/:\,\"]+) |
URL Path | No | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s(?:[^\;\s\/]*?:\/\/)[^\;\s\/]+\/([^\;\s\?]+) |
Filename | Yes | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s(?:[^\;\s\/]*?:\/\/)[^\;\s\?]+\/([^\;\s\?]+\.[^\;\s\?]+) |
File Extension | Yes | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s(?:[^\;\s\/]*?:\/\/)[^\;\s\?]+\/[^\;\s\?]+\.([^\;\s\?]+) |
URL Query String | No | 1 | (?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s(?:[^\;\s\/]*?:\/\/)[^\;\s\?]+\?([^\;\s]+) |
Method | No | 1 | (GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s |
Content type | No | 1 | \/\d{3}(?:\s[\w\/\.\-\:\?\&\=]*){5}\s(.{2,}) |
BytesReceived | No | 1 | (\d+)\s(?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE) |
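The following is an added example, not part of the IBM content extension: it runs the V1.0.1 expressions above, plus Response Code from 1.0.3, against two constructed events to show what each property captures. It assumes Squid's native access.log layout and uses Python's `re` module in place of QRadar's regex engine; the names `M`, `S`, `extract` and `unparsed` are hypothetical.

```python
import re

# Shared prefixes of the table rows, factored out for readability (hypothetical names).
M = r"(?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s"
S = r"(?:[^\;\s\/]*?:\/\/)"

# Property name -> regex (capture group 1), taken from the tables on this page.
PROPERTIES = {
    "Response Code": r"\/(\d{3})\s+",
    "BytesReceived": r"(\d+)\s(?:GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)",
    "Method": r"(GET|POST|CONNECT|TUNNEL|HEAD|PUT|DELETE)\s",
    "URL": M + r"([^\;\s]+)",
    "URL Scheme": M + r"([^\;\s\/]*?):\/\/",
    "UrlHost": M + S + r"?(?:www\.)?([^\s\;\/:\,\"]+)",
    "URL Path": M + S + r"[^\;\s\/]+\/([^\;\s\?]+)",
    "Filename": M + S + r"[^\;\s\?]+\/([^\;\s\?]+\.[^\;\s\?]+)",
    "File Extension": M + S + r"[^\;\s\?]+\/[^\;\s\?]+\.([^\;\s\?]+)",
    "URL Query String": M + S + r"[^\;\s\?]+\?([^\;\s]+)",
    "Content type": r"\/\d{3}(?:\s[\w\/\.\-\:\?\&\=]*){5}\s(.{2,})",
}

# Constructed sample events in Squid's native access.log layout (an assumption
# about what the log source receives; a custom logformat will differ).
GET_LINE = ("1700000000.123    145 192.0.2.10 TCP_MISS/200 5120 GET "
            "http://www.example.com/downloads/report.pdf?id=42 - "
            "HIER_DIRECT/198.51.100.7 application/pdf")
CONNECT_LINE = ("1700000001.456  30021 192.0.2.10 TCP_TUNNEL/200 3921 CONNECT "
                "www.example.org:443 - HIER_DIRECT/203.0.113.5 -")

def extract(line):
    """Return {property: captured value or None} for one proxy event."""
    out = {}
    for name, pattern in PROPERTIES.items():
        m = re.search(pattern, line)
        out[name] = m.group(1) if m else None
    return out

def unparsed(line):
    """Properties that capture nothing for this event (useful when tuning rules)."""
    return sorted(k for k, v in extract(line).items() if v is None)

if __name__ == "__main__":
    for line in (GET_LINE, CONNECT_LINE):
        for name, value in extract(line).items():
            print(f"{name:18} {value}")
        print("no match:", unparsed(line), "\n")
```

For the CONNECT event only host and port are logged, so URL Scheme, URL Path, Filename, File Extension and URL Query String capture nothing; searches and rules keyed on those properties do not cover tunneled traffic, while UrlHost still populates.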
IBM Security QRadar Custom Properties for Squid V1.0.0
The following table shows the custom properties in IBM Security QRadar Custom Properties for Squid V1.0.0.
Name | Regex |
---|---|
HTTP Status Code | \/(\d{3})\s+ |
Method | (GET|POST|CONNECT|TUNNEL)\s |
URL | CONNECT\s+(\w+\.\w+\.\w+): (http|ftp|tcp|https):\/\/(.+?)\s |