Re: Need help to write regex for chronicle siem

admin

write a regex to capture value between @ and ” for below string.
[{\”ActionType\”:\”Forward\”,\”Recipients\”:[\”Katrina.Demon@whxyz.co.um\”],\”ForwardFlags\”:\”None\”}]

which is whxyz.co.um in above string. 

or help write a yara code for capturing the same. 

I am trying below, but is it giving error.

re.capture ($e.security_result.detection_fields.value, “\[“([^“]+)”\]“) = $Domain

Read more here: Source link