IBM z/OS
Use the IBM Security QRadar IBM z/OS® Custom Properties Content Extension to closely monitor your IBM® z/OS deployment.
IBM Security QRadar IBM z/OS Custom Properties Content Extension
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.4
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.3
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.2
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.1
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.0
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.0.1
- IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.0.0
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.4
The following table shows the custom properties that are new or updated in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.4.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Catalog | Yes | 1 | catalog=([^\t]+) |
Command | Yes | 1 | cmd=([^\t]+) |
Completion Code | Yes | 1 | compCode=([^\t]+) |
Completion status | Yes | 1 | compStat=([^\t]+) |
Data set name | Yes | 1 | dsn=([^\t]+) |
DD name | Yes | 1 | dd=([^\t]+) |
Descriptor | Yes | 1 | desc=([^\t]+) |
Event Summary | Yes | 1 | sum=([^\t]+) |
Function code | Yes | 1 | function=([^\t]+) |
JES line | Yes | 1 | line=([^\t]+) |
JES remote terminal name | Yes | 1 | line rmt=([^\t]+) |
Job name | Yes | 1 | job=[^\t]{29}([^\t]{8}) |
Job number | Yes | 1 | jobid=([^\t]+) |
Member name | Yes | 1 | member=([^\t]+) |
NJE node name | Yes | 1 | node=([^\t]+) |
Old data set name | Yes | 1 | oldda=([^\t]+) |
Person name | Yes | 1 | name=([^\t]+)) |
Physical DASD box serial | Yes | 1 | box=([^\t]+) |
Port of entry | Yes | 1 | poe=([^\t]+) |
Private/owned data set | Yes | 1 | own=([^\t]+) |
Program | Yes | 1 | program=([^\t]+) |
RACF Profile | Yes | 1 | prof=([^\t]+) |
Resource Sensitivity | Yes | 1 | sens=([^\t]+) |
SAF Class | Yes | 1 | class=([^\t]+) |
SAF Resource name | Yes | 1 | res=([^\t]+) |
Sensitive Groups | Yes | 1 | usrGroups=([^\t]+ |
Sensitive user privileges | Yes | 1 | usrPriv=([^\t]+) |
SNA terminal name | Yes | 1 | terminal=([^\t]+) |
Step name | Yes | 1 | stepname=([^\t]+) |
Submitted by | Yes | 1 | submitby=([^\t]+) |
Subsystem name | Yes | 1 | subsys=([^\t]+) |
System SMF id | Yes | 1 | job=([^\t]{4}) |
System/job | Yes | 1 | job=([^\t]+) |
UNIX path name | Yes | 1 | path=([^\t]+) |
Volume serial | Yes | 1 | vol=([^\t]+) |
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.3
The following table shows the custom properties that are new or updated in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.3.
Name | Optimized | Capture Group | Regex |
---|---|---|---|
Data key label in ICSF | No | 1 | keypol=([^\t]+) |
IKE Tunnel encryption chaining | No | 1 | ikechn=([^\t]+) |
IKE Tunnel encryption family | No | 1 | ikealg=([^\t]+) |
IKE Tunnel encryption key length | No | 1 | ikekeylen=([^\t]+) |
IPSec Tunnel encryption chaining | No | 1 | ipsecchn=([^\t]+) |
IPSec Tunnel encryption family | No | 1 | ipsecalg=([^\t]+) |
IPSec Tunnel encryption key length | No | 1 | ipseckeylen=([^\t]+) |
SA Active Connections Begin | No | 1 | activeBeg=([^\t]+) |
SA Active Connections End | No | 1 | activeEnd=([^\t]+) |
SA Connections Begin | No | 1 | connsBeg=([^\t]+) |
SA Connections End | No | 1 | connsEnd=([^\t]+) |
SA Partial Connections Begin | No | 1 | partialBeg=([^\t]+) |
SA Partial Connections End | No | 1 | partialEnd=([^\t]+) |
SA Short Connections Begin | No | 1 | shortBeg=([^\t]+) |
SA Short Connections End | No | 1 | shortEnd=([^\t]+) |
SMS Data Class | No | 1 | dataclas=([^\t]+) |
SMS Management Class | No | 1 | mgmtclas=([^\t]+) |
SMS Storage Class | No | 1 | storclas=([^\t]+) |
SSH Inbound encryption chaining | No | 1 | sshIchn=([^\t]+) |
SSH Inbound encryption family | No | 1 | sshIalg=([^\t]+) |
SSH Inbound encryption key length | No | 1 | sshIkeylen=([^\t]+) |
SSH Outbound encryption chaining | No | 1 | sshOchn=([^\t]+) |
SSH Outbound encryption family | No | 1 | sshOalg=([^\t]+) |
SSH Outbound encryption key length | No | 1 | sshOkeylen=([^\t]+) |
TLS Client Cert | No | 1 | tlsCCertSig=([^\t]+) |
TLS encryption chaining mode | No | 1 | tlschn=([^\t]+) |
TLS encryption family | No | 1 | tlsalg=([^\t]+) |
TLS encryption key length | No | 1 | tlskeylen=([^\t]+) |
TLS key exchange method | No | 1 | tlsKexAlg=([^\t]+) |
TLS message digest | No | 1 | tlsMsgAuth=([^\t]+) |
TLS or SSL protocol level | No | 1 | tlsProtVer=([^\t]+) TLSproto=([^\t]+) |
TLS Server Cert | No | 1 | tlsSCertSig=([^\t]+) |
Transport Layer Connection ID | No | 1 | saConnId=([^\t]+) |
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.2
The Action custom property was assigned a new ID. Delete the Action custom property before you install V1.1.2.
The following table shows the custom properties that are updated in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.2.
Name | Optimized | Regex |
---|---|---|
Access Intent | Yes | intent=([^\t]+) |
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.1
The following table shows the custom properties that are removed in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.1.
Name | Regex |
---|---|
Subsystem name | subsys=([^\t]+) |
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.0
The following table shows the custom properties that are new or updated in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.1.0.
Name | Regex |
---|---|
Cipher Suite ID | tlsNegCipher=([^\t]+) |
Data Set Key Algorithm | keyalg=([^\t]+) |
Data Set Key Label | keylbl=([^\t]+) |
Data Set Key Length | keylen=([^\t]+) |
IP Connection ID | saConnId=([^\t]+) |
IP Protocol | IPproto=([^\t]+) |
Job name | jobname=([^\t]+) |
SMF Record Type | LEEF:[^\|]+\|IBM\|z\/OS\|[^\|]+\|([^\|]+)\| LEEF:[^\|]+\|IBM\|RACF\|[^\|]+\|([^\|]+)\| LEEF:[^\|]+\|IBM\|DB2\|[^\|]+\|([^\|]+)\| LEEF:[^\|]+\|IBM\|CICS\|[^\|]+\|([^\|]+)\| |
Stack | stack=([^\t]+) |
Subsystem name | sysname=([^\t]+) |
Sysplex Name | sysplex=([^\t]+) |
SNA terminal name | LU\s([a-zA-Z0-9]\w+) terminal=([^\t]+) |
TLS encryption family | tlsalg=([^\t]+) |
TLS encryption chaining mode | tlschn=([^\t]+) |
TLS encryption key length | tlskeylen=([^\t]+) |
TLS message digest | tlsMsgAuth=([^\t]+) |
TLS or SSL protocol level | tlsProtVer=([^\t]+) |
TLS key exchange method | tlsKexAlg=([^\t]+) |
TLS Client Cert | tlsCCertSig=([^\t]+) |
Bypass request | bypass_req=([^\t]+) |
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.0.1
The following table shows the custom properties that are new or updated in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.0.1.
Name | Regex |
---|---|
Action | action=([ˆ\t]+) |
Key label | keylabel=([ˆ\t]+) |
IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.0.0
The following table shows the custom properties that are new or updated in IBM Security QRadar IBM z/OS Custom Properties Content Extension V1.0.0.
Name | Regex |
---|---|
Event sum | sum=([^\t]+) |
Access intent | intent=([^\t]+) |
Catalog | catalog=([^\t]+) |
Command | cmd=([^\t]+) |
Completion code | compCode=([^\t]+) |
Completion status | compStat=([^\t]+) |
Data set name | dsn=([^\t]+) |
DD name | dd=([^\t]+) |
Descriptor | desc=([^\t]+) |
Function code | function=([^\t]+) |
JES line | line=([^\t]+) |
JES remote terminal | line rmt=([^\t]+) |
Job number | jobid=([^\t]+) |
Member name | member=([^\t]+) |
NJE node name | node=([^\t]+) |
Old data set name | oldda=([^\t]+) |
Person name | name=([^\t]+) |
Physical DASD box serial | box=([^\t]+) |
Port of entry | poe=([^\t]+) |
Private / owned data set | own=([^\t]+) |
Program | program=([^\t]+) |
RACF profile | prof=([^\t]+) |
SAF class | class=([^\t]+) |
SAF resource name | res=([^\t]+) |
SNA terminal name | terminal=([^\t]+) |
Step name | stepname=([^\t]+) |
Submitted by | submitby=([^\t]+) |
System / job | job=([^\t]+) |
UNIX path name | path=([^\t]+) |
Volume serial | vol=([^\t]+) |
System SMF id | job=([^\t]{4}) |
Job name | job=[^\t]{29}([^\t]{8}) |
Resource sensitivity | sens=([^\t]+) |
Sensitive user privileges | usrPriv=([^\t]+) |
Sensitive groups | usrGroups=([^\t]+ |
Cipher | cipher=([ˆ\t\+) |
Allowed cipher priority order | cipherSuite=([ˆ\t\+) |
FIPS 140 compliance | FIPS140=([ˆ\t\+) |
Job tag | job=([ˆ\t\+) |
TLS RFC level | TLSlvl=([ˆ\t\+) |
TLS or SSL protocol level | TLSproto=([ˆ\t\+) |