Detecting Web Attacks through log monitoring
Try to match a Regex (querying against a group of Regex) with the Referral field in Web server logs.
If one of the Regex matches I can write a rule to trigger an alert!
Now can I capture the matching Regex in an another field, say by "Mapping Additional Data Names" to the connector.
If the above is possible; it will be clear to me that there is a matching Regex and I will get to know the exact Regex which caused the alert.
If the above hypothetical conditions are possible, kindly let me know HOW?
Thanks in advance.
I'm posting this query as a separate post for more visibility.