2 Replies Latest reply on Mar 23, 2017 2:07 PM by anton2016

    RegEx format for Field Match Alarms

    anton2016

      What is the proper RegEx format for Field Match alarms? I'm trying to implement a very simple RegEx match for the word hidden, case insensitive. Normally this would just be /(hidden)/i, but it doesn't seem to work in the Field Match alarm section.

      The filter for "hidden" or "Hidden" seems to work fine, so I've narrowed the problem down to the RegEx match, not the alarm logic itself.

       

      For context this is parsing PowerShell logs to look for PS execution trying to hide the window.

       

      Any help appreciated

       

      Thank you!