
Hello,

I’m trying to create a saved search in Google Chronicle where a field matches a regex pattern instead of performing an exact match.

Specifically, my query looks like this:

metadata.log_type = "MCAFEE_WEBPROXY"

target.url = ${URL} nocase

 

However, I want target.url to match a regex pattern rather than being equal to a specific value.

How can I achieve a regex-based search in saved searches using the detected variable in Google SecOps?

Thanks for your help!

I tried a few different things and was not able to arrive at a solution. I did open a ticket asking for some additional support in this regard. If this is something that you would like to see improved in the product, I would encourage opening a ticket as well to raise more attention to it.


Thank you very much for the help and the tests.
I would appreciate it if you could update that this is necessary in the product as well; we are trying to optimize processes with our analysts in the organization.

Thank you very much 😀

