import re
regex = re.compile(r"\"type\":\"(?P<threat_purpose>[^:]+):(?P<threat_resource_affected>[^\/]+)\/(?P<threat_name>[^!]+)\!(?P<threat_artifact>[^\"]*?)", flags=re.MULTILINE)
test_str = "{\"detail-type\":\"GuardDuty Finding\",\"resources\":[],\"source\":\"aws.guardduty\",\"id\":\"xxxxx-xx\",\"detail\":{\"schemaVersion\":\"2.0\",\"accountId\":\"1234567890\",\"region\":\"us-west-2\",\"partition\":\"aws\",\"id\":\"xxxxxxxx\",\"arn\":\"arn:aws:guardduty:us-west-2:1234567890:detector/XXXXXXX/finding/xxxxxxx\",\"type\":\"Trojan:EC2/PhishingDomainRequest!DNS\",\"resource\":{\"resourceType\":\"Instance\",\"instanceDetails\":{\"instanceId\":\"i-99999999\",\"instanceType\":\"m3.xlarge\",\"launchTime\":\"2016-08-02T02:05:06Z\",\"productCodes\":[{\"productCodeId\":\"GeneratedFindingProductCodeId\",\"productCodeType\":\"GeneratedFindingProductCodeType\"}],\"iamInstanceProfile\":{\"arn\":\"GeneratedFindingInstanceProfileArn\",\"id\":\"GeneratedFindingInstanceProfileId\"},\"networkInterfaces\":[{\"ipv6Addresses\":[],\"privateDnsName\":\"GeneratedFindingPrivateDnsName\",\"privateIpAddress\":\"127.0.0.1\",\"privateIpAddresses\":[{\"privateDnsName\":\"GeneratedFindingPrivateName\",\"privateIpAddress\":\"127.0.0.1\"}],\"subnetId\":\"GeneratedFindingSubnetId\",\"vpcId\":\"ein-ffdd1234\",\"securityGroups\":[{\"groupName\":\"SecurityGroup01\",\"groupId\":\"GeneratedFindingSecurityId\"}],\"publicDnsName\":\"bbb.com\",\"publicIp\":\"127.0.0.1\"}],\"tags\":[{\"key\":\"GeneratedFindingInstaceTag1\",\"value\":\"GeneratedFindingInstaceValue1\"},{\"key\":\"ami-99999999\",\"imageDescription\":\"GeneratedFindingInstaceImageDescription\"}],\"service\":{\"serviceName\":\"guardduty\",\"detectorId\":\"xxxxxx\",\"action\":{\"actionType\":\"DNS_REQUEST\",\"dnsRequestAction\":{\"domain\":\"GeneratedFindingDomainName\",\"protocol\":\"UDP\",\"blocked\":true}},\"resourceRole\":\"TARGET\",\"additionalInfo\":{\"threatListName\":\"GeneratedFindingThreatListName\",\"sample\":true},\"eventFirstSeen\":\"2020-06-02T20:22:26.350Z\",\"eventLastSeen\":\"2020-06-03T20:22:26.350Z\",\"archived\":false,\"count\":1},\"severity\":8,\"createdAt\":\"2020-06-02T20:22:26.350Z\",\"updatedAt\":\"2020-06-03T20:22:26.350Z\",\"title\":\"Trojan:EC2/PhishingDomainRequest!DNS\",\"description\":\"Trojan:EC2/PhishingDomainRequest!DNS\"}}},\"time\":\"2018-02-28T20:25:00Z\",\"region\":\"us-west-2\",\"version\":\"0\",\"account\":\"1234567890\"}"
matches = regex.finditer(test_str)
for match_num, match in enumerate(matches, start=1):
print(f"Match {match_num} was found at {match.start()}-{match.end()}: {match.group()}")
for group_num, group in enumerate(match.groups(), start=1):
print(f"Group {group_num} found at {match.start(group_num)}-{match.end(group_num)}: {group}")
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Python, please visit: https://docs.python.org/3/library/re.html