using System;
using System.Text.RegularExpressions;
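/// <summary>
/// Runs one field-extraction regular expression over a sample ASM-format security log
/// record and prints every match together with its start index.
/// </summary>
public class Example
{
    /// <summary>
    /// Upper bound on the time the regex engine may spend on a single match attempt.
    /// The <c>request=</c> field of the record carries client-supplied HTTP text
    /// (headers, cookies, body), and the pattern chains many lazy wildcards and optional
    /// groups, so an unusual record could otherwise cause very long backtracking.
    /// </summary>
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromSeconds(2);

    /// <summary>
    /// Entry point: matches the sample record and writes each match to standard output.
    /// A match attempt that exceeds <see cref="MatchTimeout"/> is reported on standard
    /// error instead of terminating the process with an unhandled exception.
    /// </summary>
    public static void Main()
    {
        // NOTE(review): the pattern looks for sig_cved= while the sample record carries
        // sig_cves=, so the optional (?<threatId>...) group is skipped for this input.
        // It is also a different group from (?<threatid>...) because group names are
        // case-sensitive. Confirm both are intended.
        string pattern = @"ASM:unit_hostname=.*?policy_name=""(?<policy>.*?)"".*?violations=""(?<threatid>.*?)"".*?request_status=""(?<tag2>(?<status>\w+))"",response_code=""(?<responsecode>\d+)"".*?ip_client=""(?<sip>.*?)"".*?method=""(?<command>\w+)"",protocol=""(?<protname>.*?)""(,query_string=""(?<tag3>.*?)"")?(.*?severity=""(?<severity>.*?)"")?(,attack_type=""(?<tag1>(?<threatname>.*?))"")?(.*?username=""(n\/a|(?<login>.*?))"")?(,session_id=""(?<session>.*?)"")?(,src_port=""(?<sport>\d+)"")?(,dest_port=""(?<dport>\d+)"")?(,dest_ip=""(?<dip>.*?)"")?(,sub_violations=""(?<reason>.*?)"")?(.*?sig_cved=""(?<threatId>.*?)"")?(.*?uri=""(?<url>.*?)"")?.*?request=""(?<objectname>(.*?Host: (?<dname>.*?)\\r\\n)?(.*?User-Agent:(?<useragent>.*?)\\r\\n)?(.*?Referer:(?<object>.*?)\\r\\n)?(.*?Message%22:%22(?<subject>.*?)%22)?.*?)$";

        // The literal below contains a real line break. Without RegexOptions.Singleline
        // '.' does not cross it, and with RegexOptions.Multiline '$' can anchor just
        // before it, so text after the break may be out of reach of the capture groups.
        string input = @"05 19 2022 12:57:11 2.0.0.5 <LOC0:INFO> May 19 12:57:11 test2xxxx.com ASM:unit_hostname=""test2xxxx.com"",management_ip_address=""10.1.1.1"",management_ip_address_2=""::"",http_class_name=""/Common/policy"",web_application_name=""/Common/policy"",policy_name=""/Common/policy"",policy_apply_date=""2022-05-18 10:34:52"",violations=""N/A"",support_id=""11111111111111111111111111"",request_status=""passed"",response_code=""200"",ip_client=""8.0.1.7"",route_domain=""922"",method=""POST"",protocol=""HTTPS"",query_string="",x_forwarded_for_header_value=""8.0.1.7"",sig_ids=""N/A"",sig_names=""N/A"",date_time=""2022-05-19 12:57:11"",severity=""Informational"",attack_type=""N/A"",geo_location=""SA"",ip_address_intelligence=""N/A"",username=""N/A"",session_id=""dddddddddddddddddddddd"",src_port=""23762"",dest_port=""443"",dest_ip=""2.2.2.2"",sub_violations=""N/A"",virus_name=""N/A"",violation_rating=""0"",websocket_direction=""N/A"",websocket_message_type=""N/A"",device_id=""N/A"",staged_sig_ids=""N/A"",staged_sig_names=""N/A"",threat_campaign_names=""N/A"",staged_threat_campaign_names=""N/A"",blocking_exception_reason=""N/A"",captcha_result=""not_received"",microservice=""N/A"",tap_event_id=""N/A"",tap_vid=""N/A"",vs_name=""/Common/RAI_web"",sig_cves=""N/A"",staged_sig_cves=""N/A"",uri=""/api/surveyssettings/update"",fragment="",request=""POST /api/surveyssettings/update HTTP/1.1\r\nHost: rai.xxxx.com\r\nConnection: keep-alive\r\nContent-Length: 601\r\nsec-ch-ua: %22 Not A;Brand%22;v=%2299%22, %22Chromium%22;v=%22101%22, %22Google Chrome%22;v=%22101%22\r\nAccept: application/json, text/plain, */*\r\nLang: ar\r\nsec-ch-ua-mobile: ?0\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36\r\nsec-ch-ua-platform: %22Windows%22\r\nContent-Type: application/json;charset=UTF-8\r\nOrigin: https://rai.xxxx.com\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Dest: 
empty\r\nAccept-Encoding: gzip, deflate, br\r\nAccept-Language: en,ar;q=0.9,en-US;q=0.8\r\nCookie: .AspNetCore.Culture=c%3Dar-SA%7Cuic%3Dar-SA; BPBBBBBBB=d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5d5; dm2=!v87cvbt78ffdv76tv87ht87vtsdb879bt879ftb7s6dbt87asdtf786astd7b6as76dftba87fa76sdfbt876asdtbf76sndtb7asdf76t7d6ft76dtbf/OUM=; .AspNetCore.Cookies=f7h5765hs87df5h8s7d6f5hf587s6dfh876sdfh765dfh675sfdsdf7g5fg675fd76g-ftf54-562PlNFc546v54v6hYJrSOhPPIfbpzCvi8rhMZUv0ub8sf8nXwUv45634v5vkhrB-45656WRv54654HI-_54yhg5CFuQ05QmPP6trytrye0ch2trP-rtfoNvDeWNMqZmuslvCMRrghUrpl8C8xu-zeaserytOYtIJZw25v9u42i40S-456756ujMrtysrtyjb-dtru56h_g6; BP404e1a15=408a4314117c2e61ghjgfhgfhfh88709870987hg9086dfgh986fg986fg98hj6dfg098h6fg9h854de21ea0a3790034b8919b02daa1bf81cf038f3d282781711\r\nX-Forwarded-For: 86.60.117.57\r\n\r\n{%22endDate%22:null,%22showProgressBar%22:null,%22collectEmail%22:null,%22isAnonymous%22:false,%22attachmentsId%22:null,%22surveyKey%22:%22CfDJ8OQ9_rktECJNqRvUhdqKqxP9-wJQSCczhFTirF_heCwZVV3YnmhnUIxvjigVY7duV6iL6v8rVeEfeeUNZsJR7Eo65eH62wPhGV5EFjLH456hfjHtTuuEJkfoCa_OJ0UQ%22,%22attachmentsTitle%22:null,%22confirmMessage%22:%22Thanks for your feedback%22,%22themeColor%22:null,%22backgroundColor%22:null,%22acceptNotification%22:true,%22objectKey%22:%2206950336-j560-dfjh65-8f92-hgfdrtuyrtu6d3%22,%22entityCode%22:%tuhtyu9_rktECJNqRvUhdqKqxO4456756jhfjfdD5fVruvMfOLS_Xq9vElFp9veszDJj-9O2FE-O5XfnV7vTd7gKrn1nwfgjhj657rJhg%22}"",response=""Response logging disabled""";

        RegexOptions options = RegexOptions.Multiline;

        try
        {
            // Regex.Matches evaluates lazily, so a timeout surfaces while the collection
            // is being enumerated; the try block therefore has to enclose the loop.
            foreach (Match m in Regex.Matches(input, pattern, options, MatchTimeout))
            {
                // m.Value echoes the matched record text, which here includes the Cookie
                // header; redact such fields before printing real traffic.
                Console.WriteLine("'{0}' found at index {1}.", m.Value, m.Index);
            }
        }
        catch (RegexMatchTimeoutException ex)
        {
            // Treat the record as unparsed rather than letting one input stall the parser.
            Console.Error.WriteLine("Regex match timed out after {0}.", ex.MatchTimeout);
        }
    }
}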