import Foundation
let pattern = #"Computer\s+name:\s+(?<Computer_Name>[^,]+)"#
let regex = try! NSRegularExpression(pattern: pattern, options: .anchorsMatchLines)
let testString = #"""
2020-07-04 21:36:33,Compressed File,IP Address: 192.168.1.1,Computer name: GHCC01SFG435,Source: Scheduled scan,Risk name: Heur.AdvML.B,Occurrences: 1,File path: T:\Tower\Installer\fgg5cfef.msi,Description: Still contains 1 infected items,Actual action: Quarantined,Requested action: Quarantined,Secondary action: Left alone,Event time: 2020-07-04 21:33:58,Event Insert Time: 2020-07-04 21:36:33,End Time: 2020-07-04 21:33:58,Last update time: 2020-07-04 21:36:33,Domain Name: Default,Group Name: My Company\HODW - Server\HODW - Development,Server Name: FGTY1ADA02,User Name: SYSTEM,Source Computer Name: ,Source Computer IP: ,Disposition: Good,Download site: null,Web domain: null,Downloaded by: null,Prevalence: Reputation was not used in this detection.,Confidence: Reputation was not used in this detection.,URL Tracking Status: Off,First Seen: Reputation was not used in this detection.,Sensitivity: Low,Permitted application reason: Not on the permitted application list,Application hash: ,Hash type: SHA1,Company name: ,Application name: ,Application version: ,Application type: -1,File size (bytes): 0,Category set: Malware,Category type: Heuristic Virus,Location: Default,Intensive Protection Level: 0,Certificate issuer: ,Certificate signer: ,Certificate thumbprint: ,Signing timestamp: ,Certificate serial number:
2020-07-08 11:59:34,Virus found,IP Address: 172.16.10.151,Computer name: U1135713,Source: Auto-Protect scan,Risk name: Heur.AdvML.C,Occurrences: 1,File path: C:\Windows\DVV\v4.0.6\namespace\hodw.tergtaw.fnd\user\user0\IUWGR\personal work\maliciousfile.exe,Description: ,Actual action: Deleted,Requested action: Cleaned,Secondary action: Deleted,Event time: 2020-07-08 11:55:57,Event Insert Time: 2020-07-08 11:59:34,End Time: 2020-07-08 11:55:57,Last update time: 2020-07-08 11:59:34,Domain Name: Default,Group Name: My Company\HODW - Server\HODW - HODW\HODW - Windows 10\HODW - BHTPN - Online Default,Server Name: FGTY1ADA02,User Name: IUWGR,Source Computer Name: U1135713. hodw.tergtaw.fnd,Source Computer IP: 127.0.0.1,Disposition: Bad,Download site: ,Web domain: ,Downloaded by: svchost.exe,Prevalence: This file has been seen by hundreds of Symantec users.,Confidence: This file is untrustworthy.,URL Tracking Status: On,First Seen: Symantec has known about this file for more than 1 year.,Sensitivity: ,Permitted application reason: Not on the permitted application list,Application hash: 500D8BB5500663G76016C16C377518E700287332406A5FAF3FDC8E87FBF51273,Hash type: SHA2,"Company name: W3i, LLC",Application name: Brueze.com Installation Utility,Application version: 1, 0, 36, 0,Application type: 127,File size (bytes): 12680312,Category set: Malware,Category type: Heuristic Virus,Location: BHTPN - TPN Connected (Wireless-Mobile),Intensive Protection Level: 0,"Certificate issuer: W3i,LLC",Certificate signer: VeriSign Class 3 Code Signing 2004 CA,Certificate thumbprint: C1102EA03313E71D4E3C771A823E152375CDEF4E,Signing timestamp: 0,Certificate serial number: 391B1DE3FDF7D68124136D1483C16B21
"""#
let stringRange = NSRange(location: 0, length: testString.utf16.count)
let matches = regex.matches(in: testString, range: stringRange)
var result: [[String]] = []
for match in matches {
var groups: [String] = []
for rangeIndex in 1 ..< match.numberOfRanges {
let nsRange = match.range(at: rangeIndex)
guard !NSEqualRanges(nsRange, NSMakeRange(NSNotFound, 0)) else { continue }
let string = (testString as NSString).substring(with: nsRange)
groups.append(string)
}
if !groups.isEmpty {
result.append(groups)
}
}
print(result)
Please keep in mind that these code samples are automatically generated and are not guaranteed to work. If you find any syntax errors, feel free to submit a bug report. For a full regex reference for Swift 5.2, please visit: https://developer.apple.com/documentation/foundation/nsregularexpression