CCNA CyberOps SECOPS – Objective 2.1

Interpret basic regular expressions

Implementing Cisco Cybersecurity Operations (210-255)

Regular expressions are very useful to security analysts when analyzing logs and other security artifacts. There are several standard regular expression operators that you should understand for the CCNA CyberOps curriculum.

Operator   Description
[]         Match any one of the characters in the brackets
{#}        Repeat the preceding element # times
.          Match any one character
*          Match the preceding element zero or more times
+          Match the preceding element one or more times
?          Match the preceding element once or not at all
\d         Any one digit
\s         Any one whitespace character
|          OR operator

Examples:

[A-Fa-f0-9]{4}\.[A-Fa-f0-9]{4}\.[A-Fa-f0-9]{4}
This example would match a MAC address in the format used by a Cisco router or switch, like 03a4.38bd.210f or 03A4.38bd.210f. Notice that it matches either case because both the uppercase and lowercase ranges are listed in the brackets.

\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}
This example would match an IPv4 address, but it would also match invalid IPs like 999.999.999.999.
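
The two patterns above applied to constructed log lines, as an added example that is not part of the original page: the regex finds IPv4-shaped candidates and Python's ipaddress module then rejects out-of-range octets such as 999.999.999.999. The sample log text and the function names are assumptions made for illustration; the IPv4 pattern is written with each dot escaped, and a variant with bare dots is kept for comparison.

```python
import ipaddress
import re

# Cisco dotted-triplet MAC pattern from the page.
MAC_RE = re.compile(r"[A-Fa-f0-9]{4}\.[A-Fa-f0-9]{4}\.[A-Fa-f0-9]{4}")
# IPv4-shaped pattern; each dot is escaped so it matches only a literal period.
IPV4_RE = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
# Same pattern with bare dots: "." matches any single character.
LOOSE_RE = re.compile(r"\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}")

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = """\
%SW_MATM-4-MACFLAP_NOTIF: Host 03a4.38bd.210f in vlan 10 is flapping
%SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.15(51515) -> 198.51.100.7(22)
bad record src=999.999.999.999 dst=203.0.113.9
session id 12-34-56-78 closed
"""

def find_macs(text):
    """Return every Cisco-format MAC address found in text."""
    return MAC_RE.findall(text)

def find_ipv4(text):
    """Return (valid, rejected): the regex finds candidates, ipaddress checks octets."""
    valid, rejected = [], []
    for candidate in IPV4_RE.findall(text):
        try:
            ipaddress.IPv4Address(candidate)
            valid.append(candidate)
        except ipaddress.AddressValueError:
            rejected.append(candidate)
    return valid, rejected

def loose_only(text):
    """Return strings the bare-dot pattern matches but the escaped one does not."""
    strict = set(IPV4_RE.findall(text))
    return [m for m in LOOSE_RE.findall(text) if m not in strict]

if __name__ == "__main__":
    print("MACs:", find_macs(SAMPLE_LOG))
    print("IPv4 valid/rejected:", find_ipv4(SAMPLE_LOG))
    print("Matched only by bare dots:", loose_only(SAMPLE_LOG))
```
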

A good place to practice regular expressions is the site https://regex101.com.