InsightIDR query

Greetings,

Within InsightIDR I need to search for destination_accounts that have a syntax of four characters (in the account name). So I’m looking for a query that will only show destination_accounts that contain exactly four characters (e.g. abcd). I want to know if this is possible and how this can be done?
Thank you in advance!

This would typically be accomplished using regex. Just use an LLM for your regex queries and tune them to exactly what you need in RegExr. Think you’d be looking for something like this:

where(destination_account = /^[A-Za-z]{4}$/)

2 Likes

@ajubelin is it also possible to change the query so that only four-character destination accounts that start with the letter ‘A’ are shown?

Thank you in advance for your assistance!

First two are free.

where( destination_account = /^A[A-Za-z]{3}$/ )

If it’s lowercase:

where( destination_account = /^a[A-Za-z]{3}$/ )

Have fun on your Regex journey.

1 Like
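To check the patterns from the replies against sample values before running them in Log Search, here is an added example in Python that is not part of the original thread. The account names are constructed, the unanchored pattern is included only for comparison, and the code assumes Python's `re` treats these simple constructs the same way the InsightIDR regex engine does.

```python
import re

# Patterns copied from the replies above, without the /.../ query delimiters.
PATTERNS = {
    "four_letters": r"^[A-Za-z]{4}$",
    "four_starting_A": r"^A[A-Za-z]{3}$",
    "four_starting_a": r"^a[A-Za-z]{3}$",
    # Not from the thread: the same character class without ^ and $,
    # to show what the anchors are doing.
    "unanchored": r"[A-Za-z]{4}",
}

# Constructed sample destination_account values (not real accounts).
SAMPLES = ["abcd", "Abcd", "ab12", "abcde", "svc_backup", "abc", "ABCD", "ab-d"]


def matches(pattern_name, accounts=SAMPLES):
    """Return the accounts that the named pattern would select."""
    rx = re.compile(PATTERNS[pattern_name])
    return [a for a in accounts if rx.search(a)]


def report():
    """Build one line per pattern listing the accounts it selects."""
    return [f"{name:16} {PATTERNS[name]:20} -> {matches(name)}" for name in PATTERNS]


if __name__ == "__main__":
    # The anchored patterns keep only whole values of exactly four letters.
    # "ab12" and "ab-d" are four characters long but fall outside [A-Za-z].
    # The unanchored pattern also selects longer names such as "svc_backup",
    # because any run of four letters inside the value is enough.
    print("\n".join(report()))
```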