List: security-onion
Subject: [security-onion] Re: Wildcard for Autocat in Squert
From: Christian <chris.sommer.cs () gmail ! com>
Date: 2021-03-09 16:59:47
Message-ID: 9e544e28-54d5-4f82-a2ed-56eccbc0796en () googlegroups ! com
Hi Doug & Wes,
Any input on this question?
Thanks & BR
Chris
Christian wrote on Friday, 5 March 2021 at 13:32:36 UTC:
> Hi,
>
> How do I use a wildcard in Squert for "Autocat"ing alerts?
>
> I tried every possible combination from Tcl regex, normal regex, ... and
> can't find the right syntax.
>
> Example: I want to escalate each event with MALWARE and CnC in it to F9.
> %%REGEXP%%MALWARE*CnC doesn't work, , + * ... also don't work.
>
> Is this even possible?
>
> BR
> Chris
>
--
Please keep in mind that Security Onion 16.04 reaches End Of Life soon!
https://blog.securityonion.net/2020/10/6-month-eol-notice-for-security-onion.html