Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
928
Views
0
Helpful
1
Replies

Regular Expressions - Dictionary List

csids2005
Level 1
Level 1

‎02-14-2005 01:25 PM - edited ‎03-10-2019 01:16 AM

Good day all -

I am trying to create a signature(s) to provide a minimalistic "content management" scenario. We have a list of about 150 words that we need to flag if they are seen in user data. I know how to create the regex string for a single word ... and can use the | pipe to separate the words to allow me to combine multiple words into a single signature ... but just how large is the STRING field? 255? 128? unlimited?

The idea hopefully is to use only 10 - 20 signatures to cover the whole list. Certainly hope to avoid having to write a new signature for each word!

Looking for suggestions and/or experiences of anyone else having attempted to do something like this.

Maybe someone found that you could insert unlimited words in the list but by doing so they overtaxed the sensor ... or that it appeared that using more than 10 words in a list was an iffy proposition.

All your inputs will be appreciated - whether I like what I hear or not! Thanks everyone.

Hank Schupp

Labels:
0 Helpful
1 Reply 1

rupadras
Cisco Employee
Cisco Employee

‎02-14-2005 02:17 PM

It all depends on how many states the regular expression will create in the engine. The maximum is 64K bytes, which is a pretty long string. You will have to experiment to find the maximum number of words you can pipe into a single signature. I would recommend dividing the 150 words into different categories and writing one signature for each category. In general, writing one signature for 20 words will make it easy to manage.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card