AnsweredAssumed Answered

Regex tag rules in Qualys?

Question asked by psaux on Jun 18, 2014
Latest reply on Jun 25, 2014 by Parag Baxi

I have a regex query that works as I want it to to in every regex testing utility that I tried, however, when I use the query to build a tag it yields 0 assets. The following rule seems to work everywhere except within Qualys:

/(^|\s)(\2(rxa|urm|ets|uso|rqp|uruz|spm|ero)[^\s]+)/g

 

I am not sure if something is happening on Qualys' backend or if there is something I am missing.

 

To give a little insight we have several thousand computer assets that belong to several business units. The only identifying info on those assets are the first 3-6 characters. I know that if an asset starts with the following 3 characters then the asset belongs to Business Unit 1: 

  • rxa
  • urm
  • ets
  • uso
  • rqp
  • uru
  • spm
  • ero

  Hopefully the regex query would flag some of the following assets based on the first 3 characters and whatever followed: 

  • rxaAHK300A0026
  • rxaPWB30002147
  • urmJKJQUUKISL64
  • urmJCW30005874
  • etsAHK300A0026
  • usoQAJ300A0486
  • usoSCJ300A0231
  • rqpKDXKJ06
  • rqpSQLDEVTEST
  • uruTestPC
  • spm2GDNXL1
  • spmAYA109AE0G
  • eroPWB300A0373
  • eroKQR30005215

Hopefully the query would not flag an asset such as "thrrxaAHK300A0026" because that asset would belong to a different business unit even though it's similar to the first asset listed. I would then wash, rinse, and repeat for the other business units.

The key is that I know the first few characters that would dictate what business unit an asset belongs to but I don't always know what follows those first few characters.

Outcomes