Regular Expressions 101

SIEM Extended Attribute Regex

Regular Expression
pcre

/
^.*?(?=\=)=\s"(?P<Severity>.*?(?=\"))".*?(?=Gauge32).*?(?=:):\s(?P<EventCount>\d+).*?(?=AlarmOriginEntity).*?(?=\:):\s+"(?P<OriginEntity>.*?(?=\"))".*?(?=\")"(?P<OriginHost>.*?(?=\"))".*?(?=\")"(?P<ImpactedHost>.*?(?=\"))".*?(?=\")"(?P<ImpactedApp>.*?(?=\"))".*?(?=\")"(?P<VendorMessageID>.*?(?=\"))".*?(?=\")"(?P<MPERuleName>.*?(?=\"))".*?(?=\")"(?P<EventDirection>.*?(?=\"))".*?(?=\")"(?P<OriginZone>.*?(?=\"))".*?(?=\")"(?P<ImpactedZone>.*?(?=\"))".*?(?=\")"(?P<ImpactedEntity>.*?(?=\"))".*?(?=\")"(?P<OriginLocation>.*?(?=\"))".*?(?=\")"(?P<ImpactedLocation>.*?(?=\"))".*?(?=\")"(?P<OriginNetwork>.*?(?=\"))".*?(?=\")"(?P<ImpactedNetwork>.*?(?=\"))".*?(?=\")"(?P<OriginPort>.*?(?=\"))".*?(?=\")"(?P<ImpactedPort>.*?(?=\"))".*?(?=\")"(?P<AlarmProtocol>.*?(?=\"))".*?(?=\")"(?P<OriginUser>.*?(?=\"))".*?(?=\")"(?P<ImpactedUser>.*?(?=\"))".*?(?=\")"(?P<AlarmObject>.*?(?=\"))".*?(?=\")"(?P<AlarmSender>.*?(?=\"))".*?(?=\")"(?P<AlarmRecipient>.*?(?=\"))".*?(?=\")"(?P<AlarmSubject>.*?(?=\"))".*?(?=\")"(?P<AlarmGroup>.*?(?=\"))".*?(?=\")"(?P<AlarmDomain>.*?(?=\"))".*?(?=\")"(?P<AlarmSession>.*?(?=\"))".*?(?=\")"(?P<AlarmProcessName>.*?(?=\"))".*?(?=\")"(?P<AlarmURL>.*?(?=\"))".*?(?=\")"(?P<BytesIn>.*?(?=\"))".*?(?=\")"(?P<BytesOut>.*?(?=\"))".*?(?=\")"(?P<ItemsIn>.*?(?=\"))".*?(?=\")"(?P<ItemsOut>.*?(?=\"))".*?(?=\")"(?P<Duration>.*?(?=\"))".*?(?=\")"(?P<Amount>.*?(?=\"))".*?(?=\")"(?P<Quantity>.*?(?=\"))".*?(?=\")"(?P<Rate>.*?(?=\"))".*?(?=\")"(?P<Size>.*?(?=\"))".*?(?=v\=)(?P<Message>.*?(?=\<\/aie\>)).*?(?=\=)=\s"(?P<KBWebRefernce>.*?(?=\"))".*?(?=\")"(?P<OriginMACAddress>.*?(?=\"))".*?(?=\")"(?P<ImpactedMACAddress>.*?(?=\"))".*?(?=\")"(?P<OriginNATIPAddress>.*?(?=\"))".*?(?=\")"(?P<ImpactedNATIPAddress>.*?(?=\"))".*?(?=\")"(?P<OriginInterface>.*?(?=\"))".*?(?=\")"(?P<ImpactedInterface>.*?(?=\"))".*?(?=\")"(?P<AlarmPID>.*?(?=\"))".*?(?=\")"(?P<AlarmVersion>.*?(?=\"))".*?(?=\")"(?P<AlarmCommand>.*?(?=\"))".*?(?=\")"(?P<AlarmObjectName>.*?(?=\"))".*?(?=\")"(?P<OriginNATPORT>.*?(?=\"))".*?(?=\")"(?P<ImpactedNATPort>.*?(?=\"))"
/

Submitted by Stephen Kim - 5 years ago