ProTip for SIEM: How to Use Regex to Query ELM in the Most Efficient Manner

Version 1

The ELM uses bloom indexes to optimize queries. Almost any Perl Compatible Regular Expression (PCRE) can be used for ELM searches, but not every PCRE can be optimized to use the bloom index. The bloom regex optimizer pre-tunes expressions to provide optimal searches; KB86052 explains how to obtain even better performance from your queries.
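
To illustrate why only some expressions can use a bloom index, the following added example models a generic bloom-indexed log search; it is not McAfee's code or the ELM optimizer. Whitespace tokenization, one filter per block, the `required_tokens` rule and the sample log lines are all assumptions of this example.

```python
import hashlib
import re

class Bloom:
    """Bloom filter over the whitespace-delimited tokens of one block of log lines."""
    def __init__(self, lines, bits=2048, hashes=3):
        self.bits, self.hashes, self.field = bits, hashes, 0
        for token in " ".join(lines).split():
            for pos in self._positions(token):
                self.field |= 1 << pos

    def _positions(self, token):
        for i in range(self.hashes):
            digest = hashlib.sha256(f"{i}:{token}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits

    def might_contain(self, token):
        return all(self.field >> pos & 1 for pos in self._positions(token))

def required_tokens(pattern):
    """Literal words every matching line must hold as whole tokens (conservative:
    alternation, groups and character classes disable the optimization)."""
    if any(ch in pattern for ch in "|(["):
        return []
    parts = pattern.split(" ")  # a word is a whole token only with a literal space on both sides
    return [p for p, nxt in zip(parts[1:], parts[2:])
            if re.fullmatch(r"[A-Za-z0-9]+", p) and nxt[:1] not in ("*", "+", "?", "{")]

def search(pattern, blocks):
    """Return (matching lines, number of blocks that had to be regex-scanned)."""
    regex, needed = re.compile(pattern), required_tokens(pattern)
    hits, scanned = [], 0
    for lines, bloom in blocks:
        if not all(bloom.might_contain(t) for t in needed):
            continue  # a required token is provably absent, so skip the block
        scanned += 1
        hits += [ln for ln in lines if regex.search(ln)]
    return hits, scanned

# Constructed sample log blocks, each indexed with its own bloom filter.
RAW = [["sshd[811]: Failed password for root from 10.0.0.5 port 22",
        "sshd[811]: Accepted publickey for deploy from 10.0.0.9 port 22"],
       ["kernel: eth0 link up", "cron[90]: job nightly finished"],
       ["nginx: GET /index.html 200", "nginx: GET /health 200"]]
BLOCKS = [(lines, Bloom(lines)) for lines in RAW]

if __name__ == "__main__":
    print(search(r"Failed password for \w+ from", BLOCKS)[1])   # literal tokens usable
    print(search(r"\d+\.\d+\.\d+\.\d+ port", BLOCKS)[1])        # no whole literal token
```

The first query carries whole literal words the filter can test, so blocks without them are skipped; the second has no such word and every block must be scanned.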