Cisco Cisco FirePOWER Appliance 8130
32-33
FireSIGHT System User Guide
Chapter 32 Understanding and Writing Intrusion Rules
Understanding Keywords and Arguments in Rules
Character Classes
License:
Protection
Character classes include alphabetic characters, numeric characters, alphanumeric characters, and white
space characters. While you can create your own character classes within brackets (see
space characters. While you can create your own character classes within brackets (see
), you can use the predefined classes as shortcuts for different types of character types. When
used without additional qualifiers, a character class matches a single digit or character.
The following table describes and provides examples of the predefined character classes accepted by
PCRE.
PCRE.
PCRE Modifier Options
License:
Protection
()
Groups expressions.
(abc)+
matches
abc
,
abcabc
,
abcabcabc
and so on.
{}
Specifies a limit for the number of matches for a
character or expression. If you want to set a lower
and upper limit, separate the lower limit and upper
limit with a comma.
character or expression. If you want to set a lower
and upper limit, separate the lower limit and upper
limit with a comma.
a{4,6}
matches
aaaa
,
aaaaa
, or
aaaaaa
.
(ab){2}
matches
abab
.
[]
Allows you to define character classes, and
matches any character or combination of characters
described in the set.
matches any character or combination of characters
described in the set.
[abc123]
matches
a
or
b
or
c
, and so on.
^
Matches content at the beginning of a string. Also
used for negation, if used within a character class.
used for negation, if used within a character class.
^in
matches the “in” in
info
, but not in
bin
.
[^a]
matches anything that does not contain
a
.
$
Matches content at the end of a string.
ce$
matches the “
ce
” in
announce
, but not
cent
.
|
Indicates an OR expression.
(MAILTO|HELP)
matches
MAILTO
or
HELP
.
\
Allows you to use metacharacters as actual
characters and is also used to specify a predefined
character class.
characters and is also used to specify a predefined
character class.
\.
matches a period,
\*
matches an asterisk,
\\
matches a backslash and so on.
\d
matches the
numeric characters,
\w
matches alphanumeric
characters, and so on. See
for more information about using
character classes in PCRE.
Table 32-16
PCRE Metacharacters (continued)
Metacharacter
Description
Example
Table 32-17
PCRE Character Classes
Character
Class
Class
Description
Character Class
Definition
Definition
\d
Matches a numeric character (“digit”).
[0-9]
\D
Matches anything that is not an numeric character.
[^0-9]
\w
Matches an alphanumeric character (“word”).
[a-zA-Z0-9_]
\W
Matches anything that is not an alphanumeric character.
[^a-zA-Z0-9_]
\s
Matches white space characters, including spaces, carriage returns, tabs,
newlines, and form feeds.
newlines, and form feeds.
[ \r\t\n\f]
\S
Matches anything that is not a white space character.
[^ \r\t\n\f]