2 Replies Latest reply on Mar 23, 2017 2:07 PM by anton2016

    RegEx format for Field Match Alarms


      What is the proper RegEx format for Field Match alarms? I'm trying to implement a very simple RegEx match for the word hidden, case insensitive. Normally this would just be /(hidden)/i, but it doesn't seem to work in the Field Match alarm section.



      The filter for "hidden" or "Hidden" seems to work fine, so I've narrowed the problem down to the RegEx match, not the alarm logic itself.


      For context, this is parsing PowerShell logs to look for PS execution trying to hide the window.


      Any help appreciated


      Thank you!