CISCO CyberOps lab – Regular Expression Tutorial; cybersecurity training

Objectives

In this lab, you will learn how to use regular expressions to search for desired strings of information.

Part 1: Compete the regexone.com tutorial.

Part 2: Describe the provided regular expression pattern.

Part 3: Verify your answers.

Background / Scenario

A regular expression (regex) is a pattern of symbols that describes data to be matched in a query or other operation. Regular expressions are constructed similarly to arithmetic expressions, by using various operators to combine smaller expressions. There are two major standards of regular expression, POSIX and Perl.

In this lab, you will use an online tutorial to explore regular expressions. You will also describe the information that matches given regular expressions.

Required Resources

  • CyberOps Workstation virtual machine
  • Internet connection

Instructions

Part 1: Complete the regexone.com tutorial.

  1. Open a web browser and navigate to https://regexone.com/ from your host computer. Regex One is a tutorial that provides you with lessons to learn about regular expression patterns.
  2. After you have finished with the tutorial, record the function of some of the metacharacters that are used in regular expressions.
Metacharacters Description
$ Matches the ending position within the string
* Matches zero or more times for the preceding item
. Any single character
[  ] any single character in the list
\. Period
\d Any digit character
\D Any non-digit character
^ Matches the starting position within the string
{m} matches m number of repetitions
{n,m} at least n number of repetitions, but not more than m times
abc|123 Matches any string matching either expression: 123, abc

Part 2: Describe the provided regular expression pattern.

Regex pattern Description
^83 Any string that begins with the number 83
[A-Z]{2,4} Any string that contains 2 to 4 capital letters consecutively
2015 Any string that contains the number 2015
05:22:2[0-9] Any string that contains 05:22:20 to 05:22:29
\.com Any string that contains .com
complete|GET Any string that matches complete or GET
0{4} Any string that contains 4 zeros consecutively
Learn and Earn More-   CISCO CyberOps lab – Windows Task Manager; cybersecurity training

Part 3: Verify your answers.

In this step, you will verify your answers in the previous step using a text file stored in the CyberOps Workstation VM.

  1. Launch and log in to the CyberOps Workstation VM (username: analyst / password: cyberops).
  2. Open a terminal and navigate to the following folder:

[analyst@secOps ~]$ cd lab.support.files/

  1. Use the less command to open the logstash-tutorial.log

[analyst@secOps lab.support.files]$ less logstash-tutorial.log

  1. At the bottom of the screen, you will see logstash-tutorial.log: This is the cursor at which you will enter the regular expression. Precede the regular expression with a forward slash (/). For example, the first pattern in the above table is ^83. Enter /^83.

The matching text from the log file is highlighted. Use the scroll wheel on the mouse or use the j or k keys on your keyboard to locate the highlighted patterns.

  1. For the next expression, enter /[A-Z]{2,4} at the colon (:) prompt.

Note: The colon is replaced by / as you type the expression.

  1. Enter the rest of the regular expressions from the table in Step 2. Make sure all the expressions are preceded with a forward slash (/). Continue until you have verified your answers. Press q to exit the logstash-tutorial.log file.
  2. Close the terminal and shut down the VM.


WhatsApp chat