Fortinet black logo

Version:

Version:

Version:

Version:


Table of Contents

Online Help

Appendix C - Regex Syntax Rule

Regex syntax rule is being used in pattern matching when creating resource group in Container Protection and Workload Protection. Regex is an abbreviated term of regular expression.

Regex utilizes regular expression syntax to form a search query to match patterns in the resource data such as cloud account names in Workload Protection or cluster names in Container Protection.

FortiCWP resource group uses Elasticsearch engine which supports Lucene regular expression engine. Lucene regular expression does not support Perl Compatible Regular Expression library, but it still supports the standard operators. This section explains what operators are supported in making regex queries utilizing Lucene regular expression.

Supported Standard Operators

Operator

Matching Mechanism

Description

Example

.

Match any character

The period "." can be used to represent any character.

Target String: "abcde":

ab... # match

a.c.e # match

 

+

One-or-more

The plus sign "+" can be used to repeat the preceding shortest pattern once or more times

Target String: "aaabbb":

a+b+ # match

aa+bb+ # match

a+.+ # match

aa+bbb+ # match

 

*

Zero-or-more

The asterisk "*" can be used to match the preceding shortest pattern zero-or-more times

Target String: "aaabbb":

a*b* # match

a*b*c* # match

.*bbb.* # match

aaa*bbb* # match

 

?

Zero-or-one

The question mark "?" makes the preceding shortest pattern optional. It matches zero or one time.

Target String: "aaabbb":

aaa?bbb? # match

aaaa?bbbb? # match

.....?.? # match

aa?bb? # no match

 

{}

Min-to-max

The curly brackets "{}" can be used to specify a minimum and (optionally) a maximum number of times the preceding shortest pattern can repeat

The allowed forms are:

{5} # repeat exactly 5 times

{2,5} # repeat at least twice and at most 5 times

{2,} # repeat at least twice

Target String: "aaabbb":

a{3}b{3} # match

a{2,4}b{2,4} # match

a{2,}b{2,} # match

.{3}.{3} # match

a{4}b{4} # no match

a{4,6}b{4,6} # no match

a{4,}b{4,} # no match

 

()

Grouping

The parentheses "()" can be used to form sub-patterns.

Target String: "ababab":

(ab)+ # match

ab(ab)+ # match

(..)+ # match

(...)+ # no match

(ab)* # match

abab(ab)? # match

ab(ab)? # no match

(ab){3} # match

(ab){1,2} # no match

|

Alternation

The pipe symbol "|" acts as an OR operator. The match will succeed if the pattern on either the left-hand side OR the right-hand side matches. The alternation applies to the longest pattern, not the shortest.

Target String: "aabb":

aabb|bbaa # match

aacc|bb # no match

aa(cc|bb) # match

a+|b+ # no match

a+b+|b+a+ # match

a+(b|c)+ # match

 

[]

Character classes

Ranges of potential characters may be represented as character classes by enclosing them in square brackets "[]". A leading ^ negates the character class.

Target String: "abcd":

ab[cd]+ # match

[a-d]+ # match

[^a-d]+ # no match

 

\

 

Any reserved character can be escaped with a backslash

Target String: "?b*d":

^\?.* # match

\?b\*d # match

 

Reference: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/query-dsl-regexp-query.html#regexp-syntax

 

 

 

 

Appendix C - Regex Syntax Rule

Regex syntax rule is being used in pattern matching when creating resource group in Container Protection and Workload Protection. Regex is an abbreviated term of regular expression.

Regex utilizes regular expression syntax to form a search query to match patterns in the resource data such as cloud account names in Workload Protection or cluster names in Container Protection.

FortiCWP resource group uses Elasticsearch engine which supports Lucene regular expression engine. Lucene regular expression does not support Perl Compatible Regular Expression library, but it still supports the standard operators. This section explains what operators are supported in making regex queries utilizing Lucene regular expression.

Supported Standard Operators

Operator

Matching Mechanism

Description

Example

.

Match any character

The period "." can be used to represent any character.

Target String: "abcde":

ab... # match

a.c.e # match

 

+

One-or-more

The plus sign "+" can be used to repeat the preceding shortest pattern once or more times

Target String: "aaabbb":

a+b+ # match

aa+bb+ # match

a+.+ # match

aa+bbb+ # match

 

*

Zero-or-more

The asterisk "*" can be used to match the preceding shortest pattern zero-or-more times

Target String: "aaabbb":

a*b* # match

a*b*c* # match

.*bbb.* # match

aaa*bbb* # match

 

?

Zero-or-one

The question mark "?" makes the preceding shortest pattern optional. It matches zero or one time.

Target String: "aaabbb":

aaa?bbb? # match

aaaa?bbbb? # match

.....?.? # match

aa?bb? # no match

 

{}

Min-to-max

The curly brackets "{}" can be used to specify a minimum and (optionally) a maximum number of times the preceding shortest pattern can repeat

The allowed forms are:

{5} # repeat exactly 5 times

{2,5} # repeat at least twice and at most 5 times

{2,} # repeat at least twice

Target String: "aaabbb":

a{3}b{3} # match

a{2,4}b{2,4} # match

a{2,}b{2,} # match

.{3}.{3} # match

a{4}b{4} # no match

a{4,6}b{4,6} # no match

a{4,}b{4,} # no match

 

()

Grouping

The parentheses "()" can be used to form sub-patterns.

Target String: "ababab":

(ab)+ # match

ab(ab)+ # match

(..)+ # match

(...)+ # no match

(ab)* # match

abab(ab)? # match

ab(ab)? # no match

(ab){3} # match

(ab){1,2} # no match

|

Alternation

The pipe symbol "|" acts as an OR operator. The match will succeed if the pattern on either the left-hand side OR the right-hand side matches. The alternation applies to the longest pattern, not the shortest.

Target String: "aabb":

aabb|bbaa # match

aacc|bb # no match

aa(cc|bb) # match

a+|b+ # no match

a+b+|b+a+ # match

a+(b|c)+ # match

 

[]

Character classes

Ranges of potential characters may be represented as character classes by enclosing them in square brackets "[]". A leading ^ negates the character class.

Target String: "abcd":

ab[cd]+ # match

[a-d]+ # match

[^a-d]+ # no match

 

\

 

Any reserved character can be escaped with a backslash

Target String: "?b*d":

^\?.* # match

\?b\*d # match

 

Reference: https://www.elastic.co/guide/en/elasticsearch/reference/6.8/query-dsl-regexp-query.html#regexp-syntax