User guide
Regular Expressions in User-Defined Events
Proventia Network IPS G and GX Appliance User Guide
Introduction
Regular expressions (strings) are a combination of static text and variables the appliance
uses to detect patterns in the contexts (network packets) you specify for user-defined
event signatures. Use regular expressions when you create user-defined event signatures
if you need the appliance to detect more than a single static text string.
Regular expression library
The appliance uses a custom ISS regular expression library called Deterministic Finite
Automata or DFA regular expression.
Changing the order of precedence
Use parentheses in these regular expressions to override the standard order of precedence.
The natural order of precedence would interpret 4+2*4 as 12, because in the natural order
of precedence, multiplication takes precedence over addition. However, you can use
parentheses to change this precedence. For example, if you use (4+2)*4, the answer would
be 24 instead of 12. This example describes a mathematical use of the order of precedence,
but many other non-numerical uses exist.
Reference: For more information about the order of precedence or other information
about using regular expressions, see Mastering Regular Expressions: Powerful Techniques for
Perl and Other Tools (O'Reilly Nutshell) by Jeffrey E. Friedl (Editor), Andy Oram (Editor).
Regular expression syntax
You can use the following regular expression syntax in a user-defined event signature:
Meta-Character    Description
(r)               matches r
x                 matches x
xr                matches x followed by r
\s                matches either a space or a tab (not a newline)
\d                matches a decimal digit
\"                matches a double quote
\'                matches a single quote
\\                matches a backslash
\n                matches a newline (ASCII NL or LF)
\r                matches a carriage return (ASCII CR)
\t                matches a horizontal tab (ASCII HT)
\v                matches a vertical tab (ASCII VT)
\f                matches a formfeed (ASCII FF)
\b                matches a backspace (ASCII BS)
\a                matches a bell (ASCII BEL)
\ooo              matches the specified octal character code
Table 33: String standard expressions
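
Added example, not part of the original guide and not ISS code: a Python helper that translates a pattern written with the Table 33 syntax into an equivalent Python bytes regex, so a draft signature can be checked against sample payloads offline. The function names, the unanchored case-sensitive search, and the rejection of any operator not listed in Table 33 are assumptions of this example; the payloads are constructed.

```python
import re

# Table 33 escapes mapped to Python bytes-regex fragments. Two differ from
# Python's own meaning: \s excludes newlines and \b is a backspace byte.
ESCAPES = {
    "s": rb"[ \t]", "d": rb"[0-9]", '"': rb'"', "'": rb"'", "\\": rb"\\",
    "n": rb"\n", "r": rb"\r", "t": rb"\t", "v": rb"\x0b", "f": rb"\x0c",
    "b": rb"\x08", "a": rb"\x07",
}
# Assumption: operators not listed in Table 33 are rejected, not guessed at.
UNSUPPORTED = set(".^$*+?{}[]|")

def to_python_regex(sig: str) -> bytes:
    """Translate a Table 33 pattern into an equivalent Python bytes regex."""
    out, i = bytearray(), 0
    while i < len(sig):
        ch = sig[i]
        if ch == "\\":
            # \ooo: octal character code, limited here to one byte (000-377)
            octal = re.match(r"[0-3][0-7]{2}", sig[i + 1:])
            if octal:
                out += b"\\x%02x" % int(octal.group(), 8)
                i += 4
            elif sig[i + 1:i + 2] in ESCAPES:
                out += ESCAPES[sig[i + 1]]
                i += 2
            else:
                raise ValueError(f"escape at offset {i} is not in Table 33")
        elif ch in "()":                    # (r): grouping passes through
            out += ch.encode()
            i += 1
        elif ch in UNSUPPORTED or ord(ch) > 127:
            raise ValueError(f"{ch!r} at offset {i} is not covered by Table 33")
        else:                               # x matches x
            out += re.escape(ch).encode()
            i += 1
    return bytes(out)

def signature_matches(sig: str, payload: bytes) -> bool:
    """Assumption: unanchored, case-sensitive search over the payload."""
    return re.search(to_python_regex(sig), payload) is not None

# Constructed sample payloads, not captured traffic.
SAMPLES = [b"USER root\r\n", b"USER\nroot\r\n", b"id=4\x08\x08"]

if __name__ == "__main__":
    for sig in (r"USER\sroot\r\n", r"id=\d\b", r"\125SER"):
        print(sig, [signature_matches(sig, p) for p in SAMPLES])
```

Testing a signature directly with Python's or PCRE's native `\s` and `\b` would give different results, because there `\s` also matches a newline and `\b` is a word boundary.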