Hi, I'm working with ESM 10.2.
I want to do a correlation rule that triggers when the field "Process_Name" has a value of, for example, firefox, chrome or iexplore, but I'm unable to make it work.
Example:
Process_Name: C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
regex(*/chrome/i*) to do case insensitive and the rest of the string
but it gives an error on rollout. Need help, please.
Hi
Sorry, but your regex is not too effective.
Try this:
(?i).*chrome.*
Hope it helps.
Best regards!
Thanks
I'll give it a try and let you know what happens.
Hi ppineda,
Interested if it works.
Please update with the result.
Best regards!
David
Sorry for the wait.
I can confirm that it fired an event.
Thank you very much
Best regards.
Hi Sir,
I tried to write a regex for "not contains".
This regex is working in Search but not in a Correlation Rule.
This is my regex: Service_Name regex ^((?!MpKs).)*$
My string is MpK1asd123
Do you have any suggestions for it?
Thanks
Regards
Hi,
I have the same issue, integrating a regex on a correlation rule field.
In a filter it is working, but in the correlation rule field it's not. I need a DOES NOT CONTAIN regex for test.com.ph on the "FROM" field.
This is my code: ^((?!test\x2ecom\x2eph).)*$
Any suggestions for this?
Would appreciate any response.
Thanks.
Hello,
Did you get any solution? I am also looking for a "does not contain" regex. Please help.
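Added example, not part of the original thread: a small offline harness that runs the four patterns quoted above against sample field values, so a pattern can be checked before it is rolled out in a rule. It assumes Python's `re` as a stand-in for a PCRE-style engine; it does not reproduce how the ESM correlation engine evaluates regexes, and the sample values other than the two quoted in the thread are constructed.

```python
import re

# Patterns quoted in the thread, keyed by a short label.
PATTERNS = {
    "first_attempt": r"*/chrome/i*",
    "accepted": r"(?i).*chrome.*",
    "no_mpks": r"^((?!MpKs).)*$",
    "no_domain": r"^((?!test\x2ecom\x2eph).)*$",
}

# Field values: the first two are from the thread, the rest are constructed.
SAMPLES = [
    r"C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE",
    "MpK1asd123",
    "MpKsHost",
    "user@test.com.ph",
    "user@example.org",
]


def matching_values(pattern, values=SAMPLES):
    """Return the values the pattern matches, or None if it does not compile.

    Assumption: Python's `re` stands in for a PCRE-style engine; the ESM
    correlation engine may treat lookaheads or escapes differently.
    """
    try:
        compiled = re.compile(pattern)
    except re.error:
        return None  # e.g. a leading '*' has nothing to repeat
    return [v for v in values if compiled.search(v)]


def report():
    """Map each pattern label to its result over SAMPLES."""
    return {label: matching_values(p) for label, p in PATTERNS.items()}


if __name__ == "__main__":
    for label, result in report().items():
        shown = "does not compile" if result is None else result
        print(f"{label:14} -> {shown}")
```

In this engine the `/chrome/i` form is rejected at compile time, and both negative-lookahead patterns are case-sensitive, so a value such as `USER@TEST.COM.PH` would still count as "does not contain".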