Hello,
I have the risk_score outcome below that is WORKING as expected, but I had to split the logic into two regex captures. I'm trying to have this in a single line, but due to the single group capture limit, I'm not able to have the intended regex (Mon|Tue|Wed|Thu|Fri) ([8-9]|1[0-8]) that would match both the day of week and hour. I want to match if it's "business hours" in London, between 8:00 and 18:59 Mon to Fri.
outcome:
    $risk_score = max(
        100
        - if(
            re.capture(timestamp.get_timestamp($e.metadata.event_timestamp.seconds, "%a", "Europe/London"), "Mon|Tue|Wed|Thu|Fri") != ""
            and re.capture(timestamp.get_timestamp($e.metadata.event_timestamp.seconds, "%k", "Europe/London"), "[8-9]|1[0-8]") != ""
            , 50, 0)
    )
I tried this, but the single group capture limitation blocks me:
outcome:
    $risk_score = max(
        100
        - if(
            re.capture(timestamp.get_timestamp($e.metadata.event_timestamp.seconds, "%a %k", "Europe/London"), "(Mon|Tue|Wed|Thu|Fri) ([8-9]|1[0-8])") != ""
            , 50, 0)
    )
I know about timestamp.get_hour and timestamp.get_day_of_week, but they would make the rule even longer/bigger, hence I'm using re.capture with timestamp.get_timestamp.
Any suggestions to have a single re.capture and timestamp.get_timestamp that can match both day of week and hour?
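
An added example, not part of the original post: a Python harness that checks the patterns above, plus a variant with non-capturing groups, against every day/hour string that "%a %k" can produce. It assumes that %k space-pads single-digit hours as in strftime, that re.capture matches unanchored as RE2 does, and that Python's re agrees with RE2 on these patterns; render, CANDIDATE and the function names are hypothetical.

```python
import re

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Hour-only pattern from the working rule in the post (used with "%k").
HOUR_ONLY = r"[8-9]|1[0-8]"
# Combined pattern from the post's single-call attempt (two capture groups).
POSTED = r"(Mon|Tue|Wed|Thu|Fri) ([8-9]|1[0-8])"
# Hypothetical candidate: non-capturing groups, anchored, pad space accepted.
CANDIDATE = r"^(?:Mon|Tue|Wed|Thu|Fri) (?: [89]|1[0-8])$"


def render(day, hour):
    """Constructed stand-in for "%a %k" output; assumes %k pads to width 2."""
    return f"{day} {hour:2d}"


def hour_mismatches(pattern):
    """Hours (0-23) where an unanchored match disagrees with 08:00-18:59."""
    rx = re.compile(pattern)
    return [h for h in range(24)
            if bool(rx.search(f"{h:2d}")) != (8 <= h <= 18)]


def mismatches(pattern):
    """(day, hour) pairs where the match disagrees with Mon-Fri 08:00-18:59."""
    rx = re.compile(pattern)
    bad = []
    for day in DAYS:
        for hour in range(24):
            expected = day in DAYS[:5] and 8 <= hour <= 18
            if bool(rx.search(render(day, hour))) != expected:
                bad.append((day, hour))
    return bad


if __name__ == "__main__":
    print("hour-only pattern, wrong hours:", hour_mismatches(HOUR_ONLY))
    print("posted combined pattern, wrong slots:", mismatches(POSTED))
    print("candidate pattern, wrong slots:", mismatches(CANDIDATE))
```

CANDIDATE is the string that would go into a single re.capture call over the "%a %k" output, on the assumption that the one-group limit counts only capturing groups.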