Wazuh - Regex

We can use the following website to create regex records

Wazuh Supporting documents :

Wazuh Regex Syntax: https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/regex.html

Wazuh Decoders Syntax: https://documentation.wazuh.com/current/user-manual/ruleset/ruleset-xml-syntax/decoders.html

This is the regex syntax which is supported by wazuh & we can take reference from this regex table to create our own regex strings to decode the logs to index onto the wazuh server.

Last updated 4 months ago