Bronze 3
Since 3 weeks ago
yesterday

My Stats

  • 28 Posts
  • 0 Solutions
  • 5 Likes given
  • 0 Likes received

asinghz297's Bio

Badges asinghz297 Earned


Recent Activity

srcip=(?!(10[.]|172[.](?:1[6-9]|2[0-9]|3[0-1])[.]|192[.]168[.])) Negative lookahead (?!) is not supported by re2 in Google SecOps. I need an alternative for this, to filter out if the srcip is public. How can I achieve this in one single-line regex? Ca...
Oct 15 17:08:29 |Check Point|VPN-1 & FireWall-1|Check Point|Log|http|Unknown|act=Accept app=HTTPS cn1Label=Elapsed server_outbound_packets=30 service_id=https sig_id=4 src=10.25.18.12 So I have this text. I want to check if the text. I want to write a r...
46242012544 This is a text. I want to write a regex that checks if the text contains Windows and EventID 4624 or 4625. How am I supposed to do that? regexp: .*Windows.*\b(4624|4625)\b.* My expression is not working. Can anyone help?
So I have this rule over here: rule blocked_inbound_traffic_on_firewall { meta: author = "Author" events: $e.metadata.product_name = "Fortigate" $e.metadata.event_type = "NETWORK_CONNECTION" or ($e.metadata.event_type = "NETWORK_HTTP") $e.security_resu...
So I have written this rule : rule linux_user_account_created_and_deleted_in_short_time_interval { meta: author = "ABC" description = "New user created and deleted in short time interval" events: $e1.metadata.vendor_name = "Linux" $e1.metadata.produc...