
IPv4 address Extractor regex does not match only IPv4 address #198

Closed
srilumpa opened this issue Feb 22, 2018 · 2 comments
Labels
category:enhancement Issue is related to an existing feature to improve scope:question

Comments

@srilumpa
Contributor

Request Type

Bug

Work Environment

Question: Answer
OS version (server): Debian
Cortex Analyzer Name: cortexutils
Cortex Analyzer Version: 1.2.0
Cortex Version: 1.0.0, hash of the commit

Description

The regular expression used to detect if an artifact is an IPv4 address is "too wide" and will detect as an IP address every string containing four groups of one, two or three digits separated by dots.

Steps to Reproduce

  1. Call Extractor().check_string("1.0.0.127.localhost.localdomain.")
  2. This will return ip but should return fqdn (or an empty string)

Possible Solutions

Use the following regular expression for ip type detection/extraction: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\/\d\d?)?$
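As an added illustration (not cortexutils' own code), the constructed classifier below puts an unanchored dotted-quad search, approximating the over-wide behaviour reported above, beside the anchored pattern proposed in this issue. It goes one step further than the proposal by also rejecting octets outside 0-255 and prefixes above /32, since `\d{1,3}` alone still accepts `999.1.1.1`; the FQDN pattern and the function names are assumptions for the example.

```python
import re

# Constructed approximation of the reported bug: an unanchored search finds
# four dotted digit groups anywhere inside a longer string.
IP_SEARCH_WIDE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")

# Anchored pattern from the "Possible Solutions" section, optional /prefix.
IP_ANCHORED = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:/\d\d?)?$")

# Hypothetical FQDN pattern for the example (cortexutils defines its own).
FQDN_ANCHORED = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}\.?$", re.IGNORECASE)


def classify_wide(value: str) -> str:
    """Reproduces the bug: any embedded dotted quad is reported as 'ip'."""
    if IP_SEARCH_WIDE.search(value):
        return "ip"
    if FQDN_ANCHORED.match(value):
        return "fqdn"
    return ""


def valid_octets(value: str) -> bool:
    """Beyond the issue's regex: octets must be 0-255, prefix (if any) 0-32."""
    addr, _, prefix = value.partition("/")
    if prefix and not 0 <= int(prefix) <= 32:
        return False
    return all(0 <= int(octet) <= 255 for octet in addr.split("."))


def classify_anchored(value: str) -> str:
    """Hardened variant: the whole string must be an IPv4 address (or CIDR)."""
    if IP_ANCHORED.match(value) and valid_octets(value):
        return "ip"
    if FQDN_ANCHORED.match(value):
        return "fqdn"
    return ""


if __name__ == "__main__":
    sample = "1.0.0.127.localhost.localdomain."  # constructed input from the issue
    print(classify_wide(sample), classify_anchored(sample))
```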

@3c7 3c7 added category:enhancement Issue is related to an existing feature to improve scope:question labels Feb 28, 2018
@3c7
Contributor

3c7 commented Feb 28, 2018

Some thoughts in the PR (#199).

@3c7
Contributor

3c7 commented Oct 17, 2018

I'll close this for now. The automatic extraction should be the one to use, if you've no idea of how to extract your observables properly and the behaviour can always be changed through overwriting the artifacts function. Maybe we need to add this to the "How to create an analyzer" manual.

@3c7 3c7 closed this as completed Oct 17, 2018