[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] pcre/regex help
From: wkitty42 () windstream ! net
Date: 2017-09-29 14:47:02
Message-ID: c72caa0c-01d5-886f-fc9d-ca56ab8a92af () windstream ! net
[Download RAW message or body]
On 09/29/2017 08:04 AM, John Hally wrote:
> Hi All,
>
> I'm trying to write a rule to capture email addresses being submitted to a web
> application and I cant seem to get the regex to work.
>
> alert tcp $EXTERNAL_NET any -> any 80 (msg:"Target Email Detected";
> pcre:"/.+\@.+\..+"; fast_pattern:only; nocase; classtype: Target Email Detected
> ;sid:1000023 ;)
looks to me like you don't have the closing "/" of the regex in place...
pcre:"/.+\@.+\..+/";
--
NOTE: No off-list assistance is given without prior approval.
*Please keep mailing list traffic on the list unless*
*a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic