Question & Answer
Question
Custom Event Properties (CEP) are a key component in QRadar. They extend the parsing provided by IBM’s parsing modules (DSMs) by adding fields for use in rules, searches, and other content. Although we have added numerous new Custom Property extraction methods (such as LEEF, CEF, JSON Keypath, Generic List, and others), regex is still a heavily used extraction method and can be resource intensive to process. Using QRadar SIEM 7.5.0 UP 12+ Predictive Parsing can greatly accelerate regex-based extraction.
Document Information
Modified date:
13 May 2025
UID
ibm17233157