Hi, I'm working with ESM 10.2.
I want to create a correlation rule that triggers when the field "Process_Name" has a value of, for example, firefox, chrome or iexplore, but I'm unable to make it work.
Process_Name: C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
regex(*/chrome/i*) to do case insensitive and the rest of the string
but it says error when rollout. Need help please.
I tried to write a regex for not contains.
This regex is working on Search but not on Correlation Rule.
This is my regex: Service_Name regex ^((?!MpKs).)*$
My string is MpK1asd123
Do you have any suggestion for it?
I have the same issue, integrating regex on a correlation rule field.
In a filter it is working, but in the correlation rule field it's not. I need a DOES NOT CONTAIN regex of test.com.ph on the "FROM" field.
This is my code: ^((?!test\x2ecom\x2eph).)*$
Any suggestion for this?
Would appreciate any response.
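
An added example, not part of any post above and not McAfee ESM code: a Python harness that runs the patterns quoted in this thread against the values the posters gave, so a pattern can be checked offline before it goes into a rule. It assumes Python `re` semantics (the regex flavour of the ESM correlation engine is not stated in the thread and may differ); the `BROWSERS` pattern, the `FROM` addresses and the `xxMpKsyy` value are constructed for illustration.

```python
import re

# Values quoted in the thread
PROCESS_NAME = r"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE"
SERVICE_NAME = "MpK1asd123"

# Patterns quoted in the thread
GLOB_STYLE = "*/chrome/i*"
NOT_MPKS = r"^((?!MpKs).)*$"
NOT_DOMAIN = r"^((?!test\x2ecom\x2eph).)*$"

# Assumption (not from the thread): case-insensitive match on the executable
# name at the end of the path, using the inline (?i) flag.
BROWSERS = r"(?i)\\(firefox|chrome|iexplore)\.exe$"

# Constructed FROM values -> should a "does not contain test.com.ph" rule fire?
FROM_SAMPLES = {
    "alice@test.com.ph": False,
    "bob@mail.test.com.ph": False,
    "carol@example.org": True,
}

def compiles(pattern):
    """True if the pattern is valid syntax for Python's re module."""
    try:
        re.compile(pattern)
        return True
    except re.error:
        return False

def matches(pattern, value):
    """True if the pattern matches somewhere in value."""
    return re.search(pattern, value) is not None

def not_contains(needle, value):
    """Plain-string reference for what the lookahead patterns express."""
    return needle not in value

def run_checks():
    results = {
        "glob_style_compiles": compiles(GLOB_STYLE),  # leading * has nothing to repeat
        "browser_match": matches(BROWSERS, PROCESS_NAME),
        "service_without_MpKs": matches(NOT_MPKS, SERVICE_NAME),
        "service_with_MpKs": matches(NOT_MPKS, "xxMpKsyy"),  # constructed value
    }
    for sender, expected in FROM_SAMPLES.items():
        got = matches(NOT_DOMAIN, sender)
        results[sender] = got == expected == not_contains("test.com.ph", sender)
    return results
```

`run_checks()` returns a dict of named results; a pattern that passes here but still fails at rollout points to a difference in the rule engine's regex flavour rather than in the pattern logic.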