cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
ppineda
ppineda
Level 8
Report Inappropriate Content
Message 1 of 6
‎11-07-2018 09:39 AM

Correlation rule match regex or contains

Jump to solution

Hi, I'm working with ESM 10.2

I want to do a correlation rule that triggers when the field "Process_Name" has a value of example firefox, chrome or iexplore. but I'm unable to make it work.

Example:

Process_Name: C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE

regex(*/chrome/i*)  to do case insensitive and the rest of the string

but it says error when rollout.Capture.PNGNeed Help please

 

 

 

Labels (3)
0 Kudos
Reply
1 Solution

Accepted Solutions
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 6
‎11-08-2018 03:03 AM

Re: Correlation rule match regex or contains

Jump to solution

Hi

Sorry but your REGEX is not to effective..

try this:

(?i).*chrome.*

hope it helps

Best regards!

0 Kudos
Reply
5 Replies
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 6
‎11-08-2018 03:03 AM

Re: Correlation rule match regex or contains

Jump to solution

Hi

Sorry but your REGEX is not to effective..

try this:

(?i).*chrome.*

hope it helps

Best regards!

0 Kudos
Reply
ppineda
ppineda
Level 8
Report Inappropriate Content
Message 3 of 6
‎11-09-2018 08:45 AM

Re: Correlation rule match regex or contains

Jump to solution

Thanks

I'll give it a try and let you know what happens.

0 Kudos
Reply
Highlighted
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 4 of 6
‎11-10-2018 11:25 PM

Re: Correlation rule match regex or contains

Jump to solution

Hi ppineda

intrested if it workes.

please updeate the result

Best regards!

David

0 Kudos
Reply
ppineda
ppineda
Level 8
Report Inappropriate Content
Message 5 of 6
‎12-04-2018 02:23 PM

Re: Correlation rule match regex or contains

Jump to solution

Sorry for the wait.

I can confirm that it fired an event.

Capture.PNG

Capture2.PNG

 

0 Kudos
Reply
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 6 of 6
‎12-05-2018 02:40 AM

Re: Correlation rule match regex or contains

Jump to solution

Thank you very much

Best regsards.

0 Kudos
Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator

    • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community


    Corporate Headquarters
    2821 Mission College Blvd.
    Santa Clara, CA 95054 USA

    Consumer Support   |   Enterprise Support   |   McAfee.com

    Legal   |   Privacy   |   Copyright © 2019 McAfee, LLC