using System;
using System.Text.RegularExpressions;
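/// <summary>
/// Runs a two-branch detection regex over a sample of Windows Security events
/// in key=value text form and prints every match.
/// Branch 1: logon/logoff events (4624, 4634, 4625) whose "Account Name:" line contains ".adm".
/// Branch 2: object-access events (4659, 4663, 5145) whose "Object Name:" line contains "Test_share".
/// </summary>
public class Example
{
    /// <summary>
    /// Builds the pattern, scans the embedded sample and writes each match
    /// (value and start index) to standard output.
    /// </summary>
    public static void Main()
    {
        // The original pattern used \X* to skip from the EventCode line to the field of
        // interest. \X is a PCRE token; System.Text.RegularExpressions rejects it as an
        // unrecognized escape, so the pattern could not even be constructed on .NET.
        //
        // The replacement consumes any character (newlines included) lazily, and the
        // negative lookahead stops it at the next "EventCode=". That keeps a match inside
        // one event: an EventCode from one record can no longer be paired with an
        // "Account Name:" / "Object Name:" line that belongs to a later record.
        const string withinEvent = @"(?:(?!EventCode=)[\s\S])*?";

        // Capture-group numbering is unchanged from the original pattern (the added
        // group is non-capturing).
        // NOTE(review): ".adm" and "Test_share" are substring tests on the rest of the
        // line, and \s+ also matches line breaks, so an empty field value lets the test
        // run against the following line. Anchor or tighten these before relying on
        // the pattern for alerting.
        string pattern =
            @"(EventCode=(4624|4634|4625)" + withinEvent + @"Account Name:(\s+.*\.adm.*))"
            + "|"
            + @"(EventCode=(4659|4663|5145)" + withinEvent + @"Object Name:(\s+.*Test_share.*))";

        string input = @"05/03/2024 02:46:06 PM
LogName=Security
EventCode=4624
EventType=0
ComputerName=myhost
SourceName=Microsoft Windows security auditing.
Type=Information
RecordNumber=0
Keywords=Audit Success
TaskCategory=Logon
OpCode=Info
Message=An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Information:
Logon Type: 3
Restricted Admin Mode: -
Virtual Account: No
Elevated Token: Yes
Impersonation Level: Delegation
New Logon:
Security ID: DOMAIN\user.adm
Account Name: user.adm
Account Domain: DOMAIN.LOCAL
Logon ID: 0
Linked Logon ID: 0x0
Network Account Name: -
Network Account Domain: -
Logon GUID: {}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: -
Source Network Address:
Source Port: 63095
Detailed Authentication Information:
Logon Process: Kerberos
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
04/30/2024 04:49:05 PM
LogName=Security
EventCode=4659
EventType=0
ComputerName=MyHost
SourceName=Microsoft Windows security auditing.
Type=Information
RecordNumber=0
Keywords=Audit Success
TaskCategory=File System
OpCode=Info
Message=A handle to an object was requested with intent to delete.
Subject:
Security ID: myuser
Account Name: myuser
Account Domain: Domain
Logon ID: 0x580B3D59
Object:
Object Server: Security
Object Type: File
Object Name: D:\Test_share\prova.txt
Handle ID: 0x0
Process Information:
Process ID: 0x4
Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: DELETE
ReadAttributes
Access Mask: 0x10080
Privileges Used for Access Check: -";

        // Multiline only changes the meaning of ^ and $; the pattern has neither, so the
        // option is kept purely for parity with the original sample.
        RegexOptions options = RegexOptions.Multiline;

        // Account and object names inside event text are chosen by whoever generated the
        // event, so bound the time the engine may spend on any single match attempt.
        TimeSpan matchTimeout = TimeSpan.FromSeconds(2);

        try
        {
            // Regex.Matches evaluates lazily, so a timeout surfaces during enumeration.
            foreach (Match m in Regex.Matches(input, pattern, options, matchTimeout))
            {
                Console.WriteLine("'{0}' found at index {1}.", m.Value, m.Index);
            }
        }
        catch (RegexMatchTimeoutException ex)
        {
            // Report instead of silently dropping the rest of the input: a detection
            // that stopped early must not look like "no further matches".
            Console.Error.WriteLine("Regex match timed out after {0}; results are incomplete.", ex.MatchTimeout);
        }
    }
}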
// Please keep in mind that these code samples are automatically generated and are not guaranteed to work.
// If you find any syntax errors, feel free to submit a bug report.
// For a full regex reference for C#, please visit: https://msdn.microsoft.com/en-us/library/system.text.regularexpressions.regex(v=vs.110).aspx