Sep 19, 2014 4:42 AM by japie

    Using Regex in Destination_File field for EPO data


      Hi Folks


      Is anyone using regexes to monitor destination_file fields in McAfee SIEM from EPO as a data source?


      I have tried a couple of variations and some really basic syntaxes but am receiving the following error:

      We basically want to look for "Keygens", "Serial", "Crack" and a couple more items.


      Invalid regular expression. (ER5-0015)


      Anybody doing anything similar or have some pointers?