Regular Expressions 101

Community Patterns

006 - PaloAlto Threat url CSV

0

Regular Expression
PCRE (PHP <7.3)

/
(?P<pan_log_receive_time>\w{3}\s*\d+\s*\d+:\d+:\d+)\s+(?:[^,]*,){3}(?P<pan_log_type>THREAT),(?P<pan_log_subtype>[^,]*),(?:[^,]*,){2}(?P<pan_log_src>[^,]*),(?P<pan_log_dst>[^,]*),(?:[^,]*,){2}(?P<pan_threat_policy>[^,]*),(?P<pan_threat_srcuser>[^,]*),(?:[^,]*),(?P<pan_threat_app>[^,]*),(?P<pan_threat_vsys>[^,]*),(?P<pan_threat_srczone>[^,]*),(?P<pan_threat_dstzone>[^,]*),(?P<pan_threat_inbound_if>[^,]*),(?P<pan_threat_outbound_if>[^,]*),(?:[^,]*,){4}(?P<pan_log_sport>[^,]*),(?P<pan_log_dstport>[^,]*),(?:[^,]*,){3}(?P<proto>[^,]*),(?P<action>[^,]*),"(?P<url>[^"]*)",\((?P<threat_id>\d+)\),(?P<cat>[^,]*),(?P<sev>[^,]*)
/
gm

Description

no description available

Submitted by anonymous - 6 years ago