Regex in correlation rules

Hi,

Is there any way to use a regular expression inside a correlation rule?

I want to filter out in a rule a set of users identified by a regex. Does anyone know if it is possible to do it??

Thanks!

Accepted Solutions
xded
Level 12
Message 4 of 4

Re: Regex in correlation rules

Hi,

You cannot use regex on the field source user. Take a look at the field Message_Text, then at the drop-down (In, Not In Contains Regex). This field has the option for regex.

3 Replies
xded
Level 12
Message 2 of 4

Re: Regex in correlation rules

Hi, you can use regex in a correlation rule, but you need a field based on string.

Re: Regex in correlation rules

Thanks, I have tried but it did not work; maybe I am doing something wrong?

When using this regex over the source name field, it does nothing

Can you tell me if this is the proper way to use regex?

The regex is "regex((\w{3}-[\w|\d]{7}-\d{3}\$)|(MSA_\w{3}_\w{3}\$.*)|(NLEP[^\d]*\d{3}\$|[sS][vV][cC][-_].*|VLAN-.*\$|EPCVLANTEST.*\$))", I have tested it and it works fine.

Regards!
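
An offline check of the pattern posted above, added here as an example and not part of the original thread: it shows which top-level branch matches each name and whether the match covers the whole name or only a substring, which matters when the pattern is used to exclude users from a rule. It assumes Python's `re` engine (the SIEM's regex engine may differ), takes the pattern without the `regex( ... )` wrapper, and uses constructed sample names.

```python
import re

# Pattern copied from the post, without the surrounding regex( ... ) wrapper.
PATTERN = (r"(\w{3}-[\w|\d]{7}-\d{3}\$)|(MSA_\w{3}_\w{3}\$.*)|"
           r"(NLEP[^\d]*\d{3}\$|[sS][vV][cC][-_].*|VLAN-.*\$|EPCVLANTEST.*\$)")
RX = re.compile(PATTERN)

def classify(name):
    """Return 'full' if the whole name matches, 'partial' if only a
    substring matches (unanchored search), or 'none'."""
    if RX.fullmatch(name):
        return "full"
    if RX.search(name):
        return "partial"
    return "none"

def matched_group(name):
    """Index (1-3) of the top-level group that matched under search, or None."""
    m = RX.search(name)
    return m.lastindex if m else None

# Constructed sample account names (not taken from the thread).
SAMPLES = [
    "ABC-WKS0001-001$",   # shape expected by branch 1
    "MSA_app_sql$",       # branch 2
    "NLEPtest123$",       # branch 3, first alternative
    "svc_backup",         # branch 3, service-account prefix
    "VLAN-10$",           # branch 3, VLAN alternative
    "jsmith",             # ordinary user, should not match
    "xsvc-jsmith",        # only contains "svc-": matches if unanchored
    "ABC-WKS|001-001$",   # literal '|' is accepted by [\w|\d]
]

def report():
    """Map each sample name to (match kind, matching top-level group)."""
    return {n: (classify(n), matched_group(n)) for n in SAMPLES}

if __name__ == "__main__":
    for name, (kind, grp) in report().items():
        print(f"{name:20} {kind:8} group={grp}")
```

A "partial" result means the name is excluded only when the rule applies the pattern as a substring search; anchoring with `^` and `$` restricts the exclusion to the intended account names.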
