Hi Folks,
We’ve encountered a challenge in our current workflow due to our security gateway rewriting URLs in the emails we receive. Specifically, the URLs now look like this: “https://protect-eu.mimecast.com/s/CbnZCAQMmIJ9OwzSG9CQz?domain==abc.com”.
We’re seeking advice on how to extract only the domain part (“abc.com”) while omitting everything preceding it, including the “domain==” string.
You can use the Pattern Match Step to achieve your desired results. In my example below I defined two new variables “NotDomain” to pull out the domain==, and “Domain” to capture abc.com. There might be more efficient way, but this way worked for me. Here is the input for the pattern section {{NotDomain:/(?:domain==)/}}{{Domain:/([^&\s]+)/}}
![PatternMatchInput](//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/8/8db2e26640fe8cdc2a7b4cd5a227c2ba49052bf2.png)
![Screen Shot 2024-01-16 at 7.50.59 AM](//forum-uploads-hub-prod-1-us-east-1-rapid7-com.s3.dualstack.us-east-1.amazonaws.com/original/2X/f/f2a38ba2f41f574663ab307844f74db96bf4ecd4.png)
1 Like
Thank You Darrick. Let me try the same in our env and let you know.
Thank you Darrick. Provided regex did the wonder!!!