
regex in ESI tool to catch meta

Question asked by Kamil Bernas on Mar 16, 2017
Latest reply on Aug 10, 2017 by Joe Gumke

Hi,

Here is the log:

%ePolicy-2-1092: 11940911^^HISE^^2017-02-11 13:36:40.217^^2017-02-11 11:14:23.000^^ENDP_AM_1050^^McAfee Endpoint Security^^11.3.0^^LCT-NB-WAKLI-01^^122.118.1.31^^NULL^^NULL^^Access Protection^^NULL^^122.318.8.41^^RCH-CB-KLAS-01^^142.245.1.12^^SYSTEM^^NULL^^NULL^^NULL^^HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FLASHUTIL32_25_0_0_127_PEPPER.EXE\^^hip.registry^^1092^^2^^Hijacking .EXE or other executable extensions^^IDS_THREAT_TYPE_VALUE_AP^^blocked^^1

 

I need to parse it. Now filename = HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\FLASHUTIL32_25_0_0_127_PEPPER.EXE

I would like only FLASHUTIL32_25_0_0_127_PEPPER.EXE to be present as filename meta and the rest discarded. How can I achieve it in the ESI tool?

Regards
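The extraction asked about above, as an added example that is not part of the original thread and is not ESI parser syntax: a Python sketch of the regex logic that keeps only the last path component of the registry-path field. The field position (20, zero-based, counted from the sample line) and the function names are assumptions made for this illustration.

```python
import re

# Log line from the post; "^^" separates the fields after the "%ePolicy-...: " header.
SAMPLE = (
    r"%ePolicy-2-1092: 11940911^^HISE^^2017-02-11 13:36:40.217^^2017-02-11 11:14:23.000"
    r"^^ENDP_AM_1050^^McAfee Endpoint Security^^11.3.0^^LCT-NB-WAKLI-01^^122.118.1.31"
    r"^^NULL^^NULL^^Access Protection^^NULL^^122.318.8.41^^RCH-CB-KLAS-01^^142.245.1.12"
    r"^^SYSTEM^^NULL^^NULL^^NULL^^HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION"
    r"\IMAGE FILE EXECUTION OPTIONS\FLASHUTIL32_25_0_0_127_PEPPER.EXE\^^hip.registry"
    r"^^1092^^2^^Hijacking .EXE or other executable extensions"
    r"^^IDS_THREAT_TYPE_VALUE_AP^^blocked^^1"
)

# Assumption: zero-based position of the target path, counted from the sample line.
TARGET_FIELD = 20

# Last run of non-backslash characters, allowing trailing backslashes
# (the sample value ends in "...PEPPER.EXE\").
LAST_COMPONENT = re.compile(r"([^\\]+)\\*$")


def split_fields(line):
    """Drop the '%ePolicy-...: ' header and split the body on the '^^' delimiter."""
    _, sep, body = line.partition(": ")
    return body.split("^^") if sep else []


def basename(path):
    """Return the final component of a backslash-separated path, or None if there is none."""
    match = LAST_COMPONENT.search(path)
    return match.group(1) if match else None


def filename_meta(line, index=TARGET_FIELD):
    """Value to store as filename: basename of the target field, or None if absent/NULL."""
    fields = split_fields(line)
    if index >= len(fields) or fields[index] in ("", "NULL"):
        return None
    return basename(fields[index])


if __name__ == "__main__":
    print(filename_meta(SAMPLE))
```

The capture group `([^\\]+)\\*$` is the part that carries over to a parser regex applied to that field: it discards every leading path component and any trailing backslash.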
