Issue
Regex used in Workflow Rule is not working.
Environment
Red Canary
Resolution
While the regex might work in online tools such as https://regex101.com/, in Red Canary no alerts are caught.
One possible cause is that the Workflow Rule contains valid regex "capture groups": ().
In Red Canary, this does not work. The workaround is to remove the capture group parentheses.
This functionality may not be supported because there is no use for capturing a group to trigger a rule.
Example:
(hostname[1|2]) should be hostname[1|2]
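Added example (not Red Canary code): a local Python check that a rule still matches the same values after the capture group parentheses are removed, including a case where removing parentheses blindly changes what the rule matches. It assumes Python's `re` search semantics as a stand-in for the Red Canary engine; the function names and sample values are constructed for illustration.

```python
import re

def unwrap_outer_group(pattern):
    """Remove one plain capture group only when it encloses the whole pattern."""
    if not pattern.startswith("(") or pattern.startswith("(?"):
        return pattern
    depth, in_class, i = 0, False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\":
            i += 2                      # skip the escaped character
            continue
        if in_class:                    # parentheses inside [...] are literals
            in_class = ch != "]"        # (a leading "]" in a class is not handled)
        elif ch == "[":
            in_class = True
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                # The first "(" closed here; unwrap only if this is the last character.
                return pattern[1:-1] if i == len(pattern) - 1 else pattern
        i += 1
    return pattern

def match_differences(original, rewritten, samples):
    """Return the samples on which the two patterns disagree."""
    a, b = re.compile(original), re.compile(rewritten)
    return [s for s in samples if bool(a.search(s)) != bool(b.search(s))]

# Constructed sample values, not taken from any real environment.
SAMPLES = ["hostname1", "hostname2", "hostname3", "hostname|", "web-hostname2"]

def matching(pattern, samples=SAMPLES):
    """Return the samples the pattern matches anywhere in the string."""
    rx = re.compile(pattern)
    return [s for s in samples if rx.search(s)]

if __name__ == "__main__":
    rewritten = unwrap_outer_group("(hostname[1|2])")
    print(rewritten, match_differences("(hostname[1|2])", rewritten, SAMPLES))
    # In Python's re, [1|2] is a character class, so "hostname|" matches too.
    print(matching(rewritten))
    # A group that scopes an alternation cannot simply lose its parentheses.
    print(match_differences("host(a|b)1", "hosta|b1", ["hosta1", "hostb1", "hosta", "b1"]))
```

An empty list from `match_differences` means the rewritten rule behaves the same on the samples supplied; it says nothing about values not in the list.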