Pattern Match Examples

After grappling with a tricky Pattern Match step yesterday, I wanted to share an example here and start a topic where other workflow builders can share their own examples! Please comment freely with:

  • Input String
  • Outputs (screenshots are great!)
  • The regular expression that got you there

I would also encourage people like me who may be struggling with this step to comment here with your Input String & Desired Outputs – we’ll help if we can!

Without further ado, here’s my pattern match scenario…

Input String

New Vuln "ssl-self-signed-certificate" on Asset "7"

Outputs:

{"vuln_id": "ssl-self-signed-certificate",
"asset_id": "7"}
image

Regex Pattern

"{{id:/([^"]*)/}}".*"{{asset_id:/([^"])/}}"

More Pattern Match Resources!

I’ll end this post with a couple of other handy resources for the Pattern Match step:

3 Likes

Get the JobID from the Job URL

Input String

{{[$job].[URL]}}

Outputs:

{"id":"37bcd987-2cfb-43e3-bd99-96776bdddf2f"}
image

Regex Pattern (case insensitive)

{{id:/[0-9A-F]{8}\-[0-9A-F]{4}\-[0-9A-F]{4}\-[0-9A-F]{4}\-[0-9A-F]{12}$/}}

2 Likes

Extract InsightVM Asset ID from the “New Vulnerability Found” IVM platform trigger.

Input:
{{["New Vulnerability Found"].[id]}}

Looks like this: 4ff14asq-827c-1337-bdd4-1cht3e7dkic8-default-asset-23

Regex (case-insensitive,no multi-match):
{{id:/\d+/}}$

Same for New Asset Found

FYI: I addressed this internally to get this changed so that the asset-id will be only the number at the end and can be directly used with the IVM plugin.

1 Like