Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IPS Regex for Boolean "AND"

Hi,

anyone know the regex string for Boolean "AND" operator. I came to know OR operator got string "|". But unable to find string for AND operator.

any help would be appreciated.

  • Intrusion Prevention Systems/IDS
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

IPS Regex for Boolean "AND"

Hi Ganesh,

Say, in your example, if the strings Color and Green are separated by AAAA, you can write a regex as "ColorAAAAGreen".

If you are not sure what characters can be between Color and Green, you can have a regex like "Color[\x00-\xff]*Green". This will fire if you see Color followed by Green in the traffic stream. But this includes a wildcard and could be memory-intensive. multistring engine would be better in this case.

So depending on the traffic you are matching, you can hardcode some strings in the regex and get the AND functionality.

HTH,

Radhika

4 REPLIES
New Member

IPS Regex for Boolean "AND"

Hello Ganesh,

Are you trying to configure more than one action for a signature?

You can do that using the same operator, but with no spaces, the command should be:

event-action produce-alert|deny-packet-inline

make sure that you write "deny-packet-inline" not any abbriviation like deny-p

HTH

Ahmad

New Member

IPS Regex for Boolean "AND"

Hi,

i am looking a option to use Regex. For example color and Green. I know multi-string can do this. But looking option to use in same line like we use OR (I) operator in Regex.

Cisco Employee

IPS Regex for Boolean "AND"

Hi Ganesh,

Say, in your example, if the strings Color and Green are separated by AAAA, you can write a regex as "ColorAAAAGreen".

If you are not sure what characters can be between Color and Green, you can have a regex like "Color[\x00-\xff]*Green". This will fire if you see Color followed by Green in the traffic stream. But this includes a wildcard and could be memory-intensive. multistring engine would be better in this case.

So depending on the traffic you are matching, you can hardcode some strings in the regex and get the AND functionality.

HTH,

Radhika

New Member

IPS Regex for Boolean "AND"

Hi Rupadras,

Thanks for the reply. Your answer worked me perfectly.

1027
Views
0
Helpful
4
Replies
This widget could not be displayed.