Regular Expressions 101

SIEM Use Case No 11 - System configuration changes

Regular Expression
PCRE (PHP <7.3)

/<EventTypeCode csd-code=\"(?<myEventTypeCode>PPQ-1)\".+?<ActiveParticipant UserID=\"(?<myUserID>\w{0,})\" UserName=\"(?<myUserName>[^\"]*)\" UserIsRequestor=\"true\".*?<RoleIDCode csd-code=\"(?<myRoleCode>\w{1,})\".+?<AuditSourceIdentification.+?AuditSourceID=\"(?<myAuditSourceID>.+?)\">.+?<ParticipantObjectIdentification ParticipantObjectID=\"(?<myParticipantObjectID>\d{1,})[^\"]+?2\.16\.756\.5\.30\.1\.127.+?\" ParticipantObjectTypeCode=\"1\" ParticipantObjectTypeCodeRole=\"1\">/gs

Description

no description available

Submitted by anonymous - 3 years ago