regex on Netwitness 9.8

Mar 29, 2016
Apr 13, 2016

Running Investigator. Trying (unsuccessfully) to use a regex expression to look for specific HTTP Cookie patterns.


As a simple test, I've tried this custom drill (after narrowing results to HTTP and specific alerts):


req.uniq regex 'C5=;'


(Single quotes surrounding the expression, and literally looking for the 4-character string.) This runs successfully, but returns no results. If I look at the sessions, there clearly are sessions with this string in req.uniq.


What's magic about trying to get regex working? Will they work properly on a meta data item that may exist multiple times in a session?

My end goal is a more complex regex, but if I can't get a simple match to work, more complicated certainly won't...