Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcre/regex help

From: wkitty42 () windstream net
Date: Fri, 29 Sep 2017 10:47:02 -0400
On 09/29/2017 08:04 AM, John Hally wrote:

Hi All,
I’m trying to write a rule to capture email addresses being submitted to a web application and I cant seem to get the regex to work.
alert tcp $EXTERNAL_NET any -> any 80 (msg:"Target Email Detected"; pcre:"/.+\@.+\..+"; fast_pattern:only; nocase; classtype: Target Email Detected ;sid:1000023 ;) 


looks to me like you don't have the closing "/" of the regex in place...


  pcre:"/.+\@.+\..+/";



--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: