If a 'Payload Matches Regular Expression' filter is created with an expression that starts and ends with square brackets, adding the filter fails with a ValidationException stating 'This is not a valid regular expression: Unclosed character class near ...'
QRadar removes the outer brackets from the expression.
Resolving The Problem
To resolve this issue, include an additional set of square brackets at the ends of the regular expression.
needs to be written as
Results: With the additional set of square brackets added, the regular expression works.
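The stripping and the workaround can be modelled offline before a filter is submitted. The following is an added example, not code from the original note or from QRadar: it assumes exactly one leading '[' and one trailing ']' are removed, uses Python's re module as a stand-in for QRadar's regex engine (so the error wording differs), and the function names and sample expressions are hypothetical.

```python
import re

def strip_outer_brackets(expr):
    # Model of the behaviour described in the note (assumption: exactly one
    # leading '[' and one trailing ']' are dropped before validation).
    if len(expr) >= 2 and expr[0] == "[" and expr[-1] == "]":
        return expr[1:-1]
    return expr

def validation_error(expr):
    # Return the regex engine's error text, or None if the pattern compiles.
    # Python's re stands in for QRadar's engine, so the message text differs.
    try:
        re.compile(expr)
        return None
    except re.error as exc:
        return str(exc)

def prepare_filter(expr):
    """Return (expression_to_submit, error_if_submitted_unchanged)."""
    stripped = strip_outer_brackets(expr)
    if stripped == expr:
        return expr, None              # not bracket-delimited: unaffected
    wrapped = "[" + expr + "]"         # workaround from the note
    # After stripping, the wrapped form must be the expression we intended.
    assert strip_outer_brackets(wrapped) == expr
    return wrapped, validation_error(stripped)

# Constructed sample filters (hypothetical, not from the original note).
SAMPLES = [
    r"[0-9]+\.[0-9]",                  # starts and ends with a character class
    r"user=[a-z]+",                    # ends with '+', so it is not affected
    r"[Ff]ailed login for [a-z]",
]

if __name__ == "__main__":
    for s in SAMPLES:
        submit, err = prepare_filter(s)
        print(f"{s!r:32} submit {submit!r:34} error if unchanged: {err}")
```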
16 June 2018