Cisco Cisco FirePOWER Appliance 7115

Version 5.3

Sourcefire 3D System User Guide

1118

Understanding and Writing Intrusion Rules

Understanding Keywords and Arguments in Rules

Chapter 30

The following sections provide more information about building valid values for 

the 

pcre

 keyword:

 on page 1118 describes the 

common syntax used in Perl-compatible regular expressions.

 on page 1120 describes the options you can use to 

modify your regular expression.

 on page 1124 gives example usage of the 

pcre

 keyword in rules.

Perl-Compatible Regular Expression Basics

: Protection

The 

pcre

 keyword accepts standard Perl-compatible regular expression (PCRE) 

syntax. The following sections describe that syntax.

While this section describes the basic syntax you may use for PCRE, you 

may want to consult an online reference or book dedicated to Perl and PCRE for 

more advanced information. 

Metacharacters

: Protection

Metacharacters are literal characters that have special meaning within regular 

expressions. When you use them within a regular expression, you must “escape” 

them by preceding them with a backslash. 
The 

 table describes the metacharacters you can use with 

PCRE and gives examples of each.

PCRE Metacharacters 

.

Matches any character except newlines. 

If 

s

 is used as a modifying option, it also 

includes newline characters. 

abc.

 matches 

abcd

, 

abc1

, 

abc#

, and so 

on.

*

Matches zero or more occurrences of a 

character or expression.

abc*

 matches 

abc

, 

abcc

, 

abccc

, 

abccccc

, and so on.

?

Matches zero or one occurrence of a 

character or expression.

abc?

 matches 

abc

.

+

Matches one or more occurrences of a 

character or expression.

abc+

 matches 

abc

, 

abcc

, 

abccc

, 

abccccc

, and so on.