import Foundation
let pattern = #""type":"(?P<threat_purpose>[^:]+):(?P<threat_resource_affected>[^\/]+)\/(?P<threat_name>[^!]+)\!(?P<threat_artifact>[^"]*?)"#
let regex = try! NSRegularExpression(pattern: pattern, options: .anchorsMatchLines)
let testString = #"{"detail-type":"GuardDuty Finding","resources":[],"source":"aws.guardduty","id":"xxxxx-xx","detail":{"schemaVersion":"2.0","accountId":"1234567890","region":"us-west-2","partition":"aws","id":"xxxxxxxx","arn":"arn:aws:guardduty:us-west-2:1234567890:detector/XXXXXXX/finding/xxxxxxx","type":"Trojan:EC2/PhishingDomainRequest!DNS","resource":{"resourceType":"Instance","instanceDetails":{"instanceId":"i-99999999","instanceType":"m3.xlarge","launchTime":"2016-08-02T02:05:06Z","productCodes":[{"productCodeId":"GeneratedFindingProductCodeId","productCodeType":"GeneratedFindingProductCodeType"}],"iamInstanceProfile":{"arn":"GeneratedFindingInstanceProfileArn","id":"GeneratedFindingInstanceProfileId"},"networkInterfaces":[{"ipv6Addresses":[],"privateDnsName":"GeneratedFindingPrivateDnsName","privateIpAddress":"127.0.0.1","privateIpAddresses":[{"privateDnsName":"GeneratedFindingPrivateName","privateIpAddress":"127.0.0.1"}],"subnetId":"GeneratedFindingSubnetId","vpcId":"ein-ffdd1234","securityGroups":[{"groupName":"SecurityGroup01","groupId":"GeneratedFindingSecurityId"}],"publicDnsName":"bbb.com","publicIp":"127.0.0.1"}],"tags":[{"key":"GeneratedFindingInstaceTag1","value":"GeneratedFindingInstaceValue1"},{"key":"ami-99999999","imageDescription":"GeneratedFindingInstaceImageDescription"}],"service":{"serviceName":"guardduty","detectorId":"xxxxxx","action":{"actionType":"DNS_REQUEST","dnsRequestAction":{"domain":"GeneratedFindingDomainName","protocol":"UDP","blocked":true}},"resourceRole":"TARGET","additionalInfo":{"threatListName":"GeneratedFindingThreatListName","sample":true},"eventFirstSeen":"2020-06-02T20:22:26.350Z","eventLastSeen":"2020-06-03T20:22:26.350Z","archived":false,"count":1},"severity":8,"createdAt":"2020-06-02T20:22:26.350Z","updatedAt":"2020-06-03T20:22:26.350Z","title":"Trojan:EC2/PhishingDomainRequest!DNS","description":"Trojan:EC2/PhishingDomainRequest!DNS"}}},"time":"2018-02-28T20:25:00Z","region":"us-west-2","version":"0","account":"1234567890"}"#
let stringRange = NSRange(location: 0, length: testString.utf16.count)
let matches = regex.matches(in: testString, range: stringRange)
var result: [[String]] = []
for match in matches {
var groups: [String] = []
for rangeIndex in 1 ..< match.numberOfRanges {
let nsRange = match.range(at: rangeIndex)
guard !NSEqualRanges(nsRange, NSMakeRange(NSNotFound, 0)) else { continue }
let string = (testString as NSString).substring(with: nsRange)
groups.append(string)
}
if !groups.isEmpty {
result.append(groups)
}
}
print(result)
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Swift 5.2, please visit: https://developer.apple.com/documentation/foundation/nsregularexpression