Cisco Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
1118
Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
Chapter 30
The following sections provide more information about building valid values for
the
pcre
keyword:
•
on page 1118 describes the
common syntax used in Perl-compatible regular expressions.
•
on page 1120 describes the options you can use to
modify your regular expression.
•
on page 1124 gives example usage of the
pcre
keyword in rules.
Perl-Compatible Regular Expression Basics
L
ICENSE
: Protection
The
pcre
keyword accepts standard Perl-compatible regular expression (PCRE)
syntax. The following sections describe that syntax.
TIP!
While this section describes the basic syntax you may use for PCRE, you
may want to consult an online reference or book dedicated to Perl and PCRE for
more advanced information.
Metacharacters
L
ICENSE
: Protection
Metacharacters are literal characters that have special meaning within regular
expressions. When you use them within a regular expression, you must “escape”
them by preceding them with a backslash.
The
The
table describes the metacharacters you can use with
PCRE and gives examples of each.
PCRE Metacharacters
M
ETACHARACTER
D
ESCRIPTION
E
XAMPLE
.
Matches any character except newlines.
If
s
is used as a modifying option, it also
includes newline characters.
abc.
matches
abcd
,
abc1
,
abc#
, and so
on.
*
Matches zero or more occurrences of a
character or expression.
abc*
matches
abc
,
abcc
,
abccc
,
abccccc
, and so on.
?
Matches zero or one occurrence of a
character or expression.
abc?
matches
abc
.
+
Matches one or more occurrences of a
character or expression.
abc+
matches
abc
,
abcc
,
abccc
,
abccccc
, and so on.