One of the most disregarded yet most essential weapons in an analyst's arsenal is regex. Why is it this important, you ask?
Well, if you want to parse a value in a SIEM/SOAR: regex. If you want to extract values from a dataset: regex. Run a search? Regex. Rule tuning with inclusions and exclusions? Yep, regex! Basically, once you get into L2/L3 analyst work like detection development, regex is not optional.
Even YARA, Sigma and Snort, the holy trinity, rely on regex for effective detection. I think this has convinced you to learn regex.
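To make the SIEM/SOAR use cases concrete, here is an added example (mine, not from the original post) in Python: one anchored regex with named groups parses a key=value log line into fields, and a detection rule is expressed as an inclusion pattern plus an exclusion pattern for tuning out a known-good case. The log lines, the field layout, the host names and the allow-listed script path are all constructed for the example; the suspicious PowerShell switches are the usual ones you will find in public Sigma rules.

```python
import re

# Constructed sample log lines (key=value format invented for this example).
SAMPLE_LOGS = [
    '2024-03-01T10:15:02Z host=ws01 user=alice '
    'proc="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'cmd="powershell.exe -nop -w hidden -enc QUJD"',
    '2024-03-01T10:16:30Z host=ws02 user=svc_backup '
    'proc="C:\\Program Files\\BackupTool\\backup.exe" cmd="backup.exe --full"',
    '2024-03-01T10:17:45Z host=ws03 user=bob '
    'proc="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
    'cmd="powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\Deploy\\patch.ps1"',
    'garbage line that does not match the expected layout',
]

# Parsing regex: anchored at both ends, named groups per field, and quoted values
# read with [^"]* so a Windows path full of backslashes cannot break the match.
LOG_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+'
    r'host=(?P<host>\S+)\s+'
    r'user=(?P<user>\S+)\s+'
    r'proc="(?P<proc>[^"]*)"\s+'
    r'cmd="(?P<cmd>[^"]*)"$'
)

# Inclusion: the command-line switches the rule is looking for.
INCLUDE_RE = re.compile(
    r'-(?:nop|noprofile)\b'
    r'|-w(?:indowstyle)?\s+hidden\b'
    r'|-(?:enc|encodedcommand)\b'
    r'|-ExecutionPolicy\s+Bypass\b',
    re.IGNORECASE,
)

# Exclusion (tuning): a constructed allow-listed deployment script directory.
# Anchored to the end of the command line so a trailing payload cannot hide
# behind the trusted path.
EXCLUDE_RE = re.compile(
    r'-File\s+"?C:\\Scripts\\Deploy\\[\w-]+\.ps1"?$',
    re.IGNORECASE,
)


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def evaluate(event):
    """Apply the inclusion/exclusion pair to one parsed event."""
    cmd = event["cmd"]
    if not INCLUDE_RE.search(cmd):
        return "no_match"
    if EXCLUDE_RE.search(cmd):
        return "suppressed"   # matched the rule but is a tuned-out known-good case
    return "alert"


def run_detection(lines):
    """Parse and evaluate every line; unparsed lines are reported, never silently dropped."""
    results = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            results.append(("unparsed", line))
            continue
        results.append((evaluate(event), event["host"]))
    return results


if __name__ == "__main__":
    for verdict, detail in run_detection(SAMPLE_LOGS):
        print(f"{verdict:10s} {detail}")
```

Two habits worth copying from this: anchor the parsing regex (`^`...`$`) so a partial match on an unexpected layout is reported as unparsed rather than producing half-filled fields, and anchor exclusions as tightly as possible, because a loose exclusion is how a tuned rule quietly stops firing.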
I'm not going to do the whole tutorial, but I'll point you towards the path: .+
Do the tutorial below to get to know the basics. Then, once you are up against a real problem, read and learn more; equipped with the basics, you can figure it out.
To test your skills and tune detections, see below:
Happy Hunting!