I need a Cisco Prime compliance policy regex to raise a violation for any IP host addresses in an ACL that DO NOT match a known list of authorized/registered IP host addresses.
I have the following ACL standard:
access-list 35 permit 8.8.8.8
access-list 35 permit 8.8.4.4
access-list 35 permit 4.2.2.2
access-list 35 permit 4.2.2.3
access-list 35 permit 208.67.222.222
access-list 35 permit 208.67.220.220
(the real ACL is MUCH longer than this.)
I need to scrape this ACL output from the Prime configuration database and raise a violation if any other host IP addresses appear.
i.e.
access-list 35 permit 103.46.142.28
access-list 35 permit 103.47.144.182
access-list 35 permit 103.47.144.137
access-list 35 permit 103.47.144.152
The following regex appears to work very well on the regex101 website:
^(?=.*?\b(permit|deny)\b)((?!\b(8\.8\.8\.8|8\.8\.4\.4|4\.2\.2\.2|4\.2\.2\.3|208\.67\.222\.222|208\.67\.220\.220)\b).)*$
All of the lines that include 103.... appear as matches to the regex.
But pasting that regex into Prime shows no matches on the same input source.
I've also tried using regex101's java code gen tool, as well as python, php, etc., in Prime to no avail.
Again, I need to raise a violation for any host IP addresses NOT listed in the regex.
-Bryan
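The same allowlist check written out in Python, as an added example that is not the poster's code and not a Cisco Prime feature: it parses each standard ACL line, extracts the host address and flags anything outside the authorized set, and also builds the single-regex form with the dots escaped and the address anchored so that 8.8.8.80 or 18.8.8.8 cannot pass as 8.8.8.8. The authorized list and the sample config lines are constructed from the post.

```python
import re
from ipaddress import ip_address

# Authorized host addresses taken from the post (the real list is longer).
AUTHORIZED_HOSTS = {
    "8.8.8.8", "8.8.4.4", "4.2.2.2", "4.2.2.3",
    "208.67.222.222", "208.67.220.220",
}

# Constructed sample config: two authorized entries, two that must be flagged.
SAMPLE_CONFIG = """\
access-list 35 permit 8.8.8.8
access-list 35 permit 8.8.8.80
access-list 35 permit 103.46.142.28
access-list 35 deny 4.2.2.2
"""

# One standard ACL entry with a single host address (optional "host" keyword).
ACL_LINE = re.compile(
    r"^\s*access-list\s+(?P<acl>\d+)\s+(?P<action>permit|deny)\s+(?:host\s+)?"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)


def build_violation_regex(authorized):
    # Single-regex form of the check: the line has permit/deny and no
    # authorized address appears as a whole token. re.escape turns "." into
    # "\." and the \b anchors reject longer addresses sharing a prefix.
    alts = "|".join(re.escape(a) for a in sorted(authorized))
    return re.compile(r"^(?=.*\b(?:permit|deny)\b)(?!.*\b(?:%s)\b).*$" % alts)


def find_violations(config_text, authorized=AUTHORIZED_HOSTS):
    """Return (line_number, acl_number, ip) for every host entry not in the allowlist."""
    violations = []
    for n, line in enumerate(config_text.splitlines(), 1):
        m = ACL_LINE.match(line)
        if not m:
            continue  # remarks, wildcard entries, other config: not checked here
        ip = m.group("ip")
        try:
            ip_address(ip)  # reject syntactically invalid octets such as 300.1.1.1
        except ValueError:
            violations.append((n, m.group("acl"), ip))
            continue
        if ip not in authorized:  # exact match, no regex metacharacter surprises
            violations.append((n, m.group("acl"), ip))
    return violations
```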