IBM QRadar
Custom event properties are a key component in QRadar, used to extend the parsing provided by IBM’s parsing modules (DSMs) by adding fields for use in rules, searches, and other content. Although we have added numerous new Custom Property extraction methods (such as LEEF, CEF, JSON Keypath, Generic List, and others), Regex is still a heavily used extraction method and can be resource intensive to process. The use of Predictive Parsing can greatly accelerate regex-based extraction. Watch the video to dive into the benefits, how to enable it, and troubleshooting tips. For more information, view the documentation around this feature here.