This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
I'm trying to come up with a profiling condition to match on FQDN. In this particular example, all corporate workstations have the following common FQDN:
I would like to match on everything except the machinename which can be a wildcard. The profiling condition I've attempted to configure is
IP:FQDN CONTAINS ^(abcd)*(\.xyz\.com)$
I never get any matches on this or any variation that I've tried. When I look at the Endpoint in Identity, I do see the full FQDN as an attribute.
Can anyone help me with the correct syntax to match a FQDN in this manner?
Solved! Go to Solution.
I think you should use "Ends with" operator against the domain name "xyz.com" instead of using "contains" operator against entire FQDN
For more detail, the following link may be helpful:
Creating a New Authorization Policy
In the above link, review the Note:The "Matches" operator supports and uses regular expressions (REGEX) not wildcards.
From my understanding, regular expressions can't be used against all operators
"Ends with" does not appear to be an operator. My choices are EQUALS, NOTEQUALS, GREATERTHAN, LESSTHAN or CONTAINS. I will most likely need to use the EQUALS operator to match on my regular expression, but can't figure out what the proper syntax is to match on first few characters and domain.
Regardless of Ends With operator, your filter may focus on the domain name xyz.com instead of entire FQDN.
Regular expressions pattern varies among different platforms. Writing perfect and precise regex is a tricky method that can't be discussed at forum.
But the best way out is you try these online editors:
You may also search for Regular Expressions Editor / Tester
Thanks Ashok. Until 1.2 gets released, we will use the CONTAINS operator as we discussed over the phone earlier this week. Thanks for your assistance.
Just wanted to add what all you discussed so far;
A new defect has bee filed on the same topic
CSCug82199 Profiler Conditions Using REGEX as Attribute Value Don't Work Correctly
Symptom: Profiling condition does not match a REGEX configured in the Attribute Value text box when set to EQUAL the contents
Conditions: REGEX configured with a wildcard portion in the middle fail the be profiled.
Workaround: Use a simple text value in the Attribute Value Box matched with the CONTAINS operator.
- Do rate helpful posts -
At the time of writing this message, the bug detail page is not accessible. Please confirm the URL
And I wanted to share my views on the operators' use:
Although, ISE does not seem to be functioning in this way but logically EQUALS, GREATER THAN, LESS THAN operators (should) call for mathematical evaluation of the expression, whereas the textual operation, comparison, analysis etc. would require the following operators:
I have also noticed that in earlier ISE versions, FQDN was displayed in hex form with 4 hex digits (3 leading zeros) followed by FQDN name. I shall try to check the raw FQDN value returned in AV pairs. This may be the reason of failure of EQUALS operator