
Hi community, 

I am looking for best practices (and example detections) to monitor application version drift.

What I need:

  • Alert when devices are not on the expected/current version after a rollout.

  • Alert when a device rolls back to a lower version (intentional or suspicious).

Questions

  • Flag “version != expected_version”

  • Flag “version < expected_version” (rollback)

I want to be able to alert when devices are not on the expected or current version after a rollout, and also when a device rolls back to a lower version, whether intentional or suspicious. What is the recommended detection pattern to flag version != expected_version and to flag version < expected_version for rollback? Are there any gotchas with handling semantic versions, for example comparing 1.10.3 with 1.9.12?


@jstoner  A small correction on my question: when an operation is performed (such as delete), I also need to capture the version outcome at that point, for example in an application like NPA.


A couple of things immediately jump to mind on this. The < > signs won't work on strings, which is what you have with those versions. You could potentially break your versions out into three different values so that you can compare all three as numbers (haven't played with this yet, so mainly brainstorming). The inequality will work, so you could keep that.

This is a quick/dirty example of what that might look like. Once you have those captures, you could perform calculations.


rule engine_version_components {
  events:
    $e.metadata.event_type = "PROCESS_LAUNCH"
    // sample value; in practice drop this line or compare against the rollout's expected version
    $e.additional.fields["EngineVersion"] = "5.1.19041.1682"
    // one capture per dotted component, cast to int so < and > compare numerically
    cast.as_int(re.capture($e.additional.fields["EngineVersion"], `^(\d+)\.\d+\.\d+\.\d+$`)) = $v1
    cast.as_int(re.capture($e.additional.fields["EngineVersion"], `^\d+\.(\d+)\.\d+\.\d+$`)) = $v2
    cast.as_int(re.capture($e.additional.fields["EngineVersion"], `^\d+\.\d+\.(\d+)\.\d+$`)) = $v3
    cast.as_int(re.capture($e.additional.fields["EngineVersion"], `^\d+\.\d+\.\d+\.(\d+)$`)) = $v4

  outcome:
    $a = $v1
    $b = $v2
    $c = $v3
    $d = $v4

  condition:
    $e
}

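As an added example (not part of this thread and not either poster's code), here is the same idea in Python: each version string is split into integer components, compared numerically component by component, and then run through drift and rollback checks over a constructed inventory feed. The device names, timestamps and the expected version are made up. It covers the question's 1.10.3 versus 1.9.12 case and shows why plain string comparison gets it wrong; pre-release suffixes such as -rc1 are stripped rather than ordered, which is a simplification relative to strict semver.

```python
"""Version drift and rollback checks over an inventory feed (constructed sample data)."""
import re

# Accepts "5.1.19041.1682", "v1.10.3" or "1.9.12-beta"; only the numeric core is captured.
# Assumption: a pre-release/build suffix is ignored, so 1.10.3-rc1 compares equal to 1.10.3.
VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-+][0-9A-Za-z.\-]*)?$")


def parse_version(text):
    """Split a dotted version string into a tuple of ints; raise on anything unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def compare_versions(a, b):
    """Return -1, 0 or 1 comparing a to b numerically, component by component.

    Shorter versions are padded with zeros so that 1.9 == 1.9.0.
    """
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def detect_drift_and_rollback(records, expected):
    """records: iterable of (timestamp, device_id, version) in time order.

    Returns one alert dict per finding:
      rollback - a device reported a version lower than its own previous report
      invalid  - the version string could not be parsed (alerted on, not silently skipped)
      drift    - a device's latest version differs from `expected` (direction noted)
    """
    alerts = []
    last_seen = {}  # device_id -> last parseable version string
    for ts, device, version in records:
        try:
            parse_version(version)
        except ValueError:
            alerts.append({"type": "invalid", "device": device, "ts": ts, "version": version})
            continue
        prev = last_seen.get(device)
        if prev is not None and compare_versions(version, prev) < 0:
            alerts.append({"type": "rollback", "device": device, "ts": ts,
                           "from": prev, "to": version})
        last_seen[device] = version
    # Drift is evaluated on each device's most recent report, after the rollout.
    for device, version in sorted(last_seen.items()):
        c = compare_versions(version, expected)
        if c != 0:
            alerts.append({"type": "drift", "device": device, "version": version,
                           "expected": expected,
                           "direction": "behind" if c < 0 else "ahead"})
    return alerts


# Constructed sample feed: three hosts before/after a rollout to 1.10.3, one rollback,
# one unparseable report. These are not real devices.
SAMPLE_RECORDS = [
    ("2024-05-01T08:00Z", "host-a", "1.9.12"),
    ("2024-05-01T08:00Z", "host-b", "1.9.12"),
    ("2024-05-01T08:00Z", "host-c", "1.9.12"),
    ("2024-05-02T09:00Z", "host-a", "1.10.3"),   # upgraded as expected
    ("2024-05-02T09:05Z", "host-b", "1.10.3"),   # upgraded ...
    ("2024-05-03T10:00Z", "host-b", "1.9.12"),   # ... then rolled back
    ("2024-05-03T10:30Z", "host-d", "garbage"),  # unparseable report
]
EXPECTED_VERSION = "1.10.3"

if __name__ == "__main__":
    # The gotcha from the question: lexical order says 1.10.3 < 1.9.12, numeric order disagrees.
    print("string compare says 1.10.3 < 1.9.12:", "1.10.3" < "1.9.12")
    print("numeric compare 1.10.3 vs 1.9.12:", compare_versions("1.10.3", "1.9.12"))
    for alert in detect_drift_and_rollback(SAMPLE_RECORDS, EXPECTED_VERSION):
        print(alert)
```

Two choices worth keeping in whatever rule language you end up with: rollback is judged against the device's own previous report, not against the expected version (a host that never upgraded is drift, not rollback), and an unparseable version string raises its own alert rather than being dropped, since a broken or tampered inventory field should not read as "no problem".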