Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Regex for Custom Signatures


Can anyone explain the difference between [/\\][Aa][Nn][Dd] and [Aa][Nn][Dd]



Re: Regex for Custom Signatures

hi [/\\][Aa][Nn][Dd] means matching \\AND or \\and or any other possible combination . This sort of syntax is used for creating customized HTTP signatures which look at the URI for matches.

[Aa][Nn][Dd] means matching AND or and or any other possible combination. This can be used for creating customised signatures that look only for matching characters or words within the inspected traffic.

I hope it helps .. please rate it if it does !!

Community Member

Re: Regex for Custom Signatures

In short the difference of the first regular expression from the second is if you see ascii character / or \ match. The second regular expression simply matches [Aa][Nn][Dd].

To give you a bit more detail, the [] is a character class which means that with each character within the class an OR is in place. So [Bb] means match B OR b. [/\\] is the same as a hex 0x2f which is ascii / and 0x5c means \. In this case you will notice that there are two 0x5c characters. This is to escape the character since it is a meta character.

Here is a link that may help you further:

I hope that helps.

CreatePlease to create content