Warning: Declaration of Suffusion_MM_Walker::start_el(&$output, $item, $depth, $args) should be compatible with Walker_Nav_Menu::start_el(&$output, $data_object, $depth = 0, $args = NULL, $current_object_id = 0) in /home/customer/www/drsiem.com/public_html/wp-content/themes/suffusion/library/suffusion-walkers.php on line 17
Aug 212017
 

One of the questions that I get about QRadar is how to write a case insensitive regex. One of the common examples is to search for all variations of the word “administrator” in the username field.

There are 2 ways of doing this in programming languages using the “i” flag that is indicated below.

(?i) administrator

/administrator/i

However, none of these options work in QRadar as of now, and there is an open ticket for it with the QRadar team.

IV98710: ATTEMPTING TO USE THE VALID REGEX (?I) (FOR CASE INSENSITIVE) IN A CUSTOM PROPERTY FAILS WITH “REGEX IS INVALID”

As a workaround, you can use a character set in your regex to cover all the possible variations. Below is an example on how to cover all the possible varations of the word “administrator”.

[aA][dD][mM][iI][nN][iI][sS][tT][rR][aA][tT][oO][rR]

Sorry, the comment form is closed at this time.