Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Custom Attack Object DFA Expressions

    Table 1 provides examples of syntax for matching an attack pattern.

    Table 1: Example: Custom Attack Object Regular Expressions

    Example Syntax

    Description

    Example Matches

    Hello..\B.0.1..00\B...world

    There are two aspects to matching:

    Must match the bitmask pattern: \B.0.0.1..00\B

    Must match the number of bytes (signified by .) before and after the bitmask pattern.

    Matches:

    Hello..\B.0.11100\B...world
    Hello..\B.0.10000\B...world

    Does not match:

    Hello.\B.0.1..00\B.world
    Hello..\B.0.1..11\B...world

    \X01 86 A5 00 00\X

    Pattern with the five specified bytes verbatim.

    01 86 A5 00 00

    (hello|world)

    Pattern with hello or world occurring once.

    hello

    world

    (hello|world)+

    Pattern with hello or world occurring one or more times.

    helloworld

    worldhello

    hellohello

    \[hello\]

    Pattern hello, case insensitive.

    hElLo

    HEllO

    heLLO

    \uHello\u

    Pattern hello, Unicode insensitive.

    hello

    68656c6c6f

    hello\sworld

    Pattern hello world, the two words separated by a whitespace.

    hello world

    [c-e]a(d|t)

    Pattern with the first letter of c, d, or e; the middle letter a; and ending in d or t.

    cat

    dad

    eat

    [^c-d]a(d|t)

    Pattern that begins a letter other than c, d, or e; have the second letter a; and end in d or t.

    fad

    zad

    a*b+c

    Pattern with any number of a characters (including zero); followed by one or more b characters; followed by a c character.

    bc

    abc

    aaaabbbbc

    T[Kk]

    Pattern that begins with an uppercase T, followed by a case-insensitive k.

    TK

    Tk

    ([Tt])k

    Pattern that begins with a case-insensitive t, followed by a lowercase k.

    Tk

    Tk

    Sea[In]

    Pattern that begins with Sea, followed by a lowercase l, m, or n.

    Seal

    Seam

    Sean

    ([B-D])at

    Pattern that begins with an uppercase B, C, or D, followed by a lowercase at.

    Bat

    Cat

    Dat

    \0133\[hello\]\0135

    Pattern that begins with an opening bracket, followed by case-insensitive hello, ending with a closing bracket. This expression uses the \0 expression to signify that the following expression is an octal code, then the octal code for the opening bracket (133) or the closing bracket (135) follows.

    [hello]

    [HeLLo]

    Modified: 2018-01-03