0
(0)

 Note

We’ve renamed Microsoft Cloud App Security. It’s now called Microsoft Defender for Cloud Apps. In the coming weeks, we’ll update the screenshots and instructions here and in related pages. For more information about the change, see this announcement. To learn more about the recent renaming of Microsoft security services, see the Microsoft Ignite Security blog.

This article provides instructions for using RegEx for pattern matching in Defender for Cloud Apps policies.

Regular expressions in Defender for Cloud Apps

The Microsoft Defender for Cloud Apps content inspection policies use RegEx for pattern matching. Content inspection may be applied as part of file policies.

Testing regular expressions

To test regular expressions, you can use the following websites:

Limitations of regular expressions in Defender for Cloud Apps

The following limitations are imposed on custom regular expressions:

  • The search is always case-insensitive
  • Allowed quantifiers: {n,m} where n, m < 10
  • All groups must be non-capturing, for example: (?:xxx)

    Instead of (group) use (?:group)

  • Disallowed quantifiers: *, +, {n,}

    Instead of * use {0,9}

    Instead of + use {1,9}

  • Disallowed back-references: \<number> or \k<name>

Example expressions

The following table gives you example expressions and if they would match or not.

EXAMPLE EXPRESSIONS
Regular expression Data Matches
Colou?r (?:black|blue|white) Color black

Color white

Color red

Yes

Yes

No

[a-z0-9]{1,9}@[a-z0-9]{1,9}\.[a-z]{2,3} [email protected]

[email protected]

@bad.com

Yes

Yes

No

20\d{2}-(?:0[1-9]|1[0-2])-(?:[0-2][0-9]|30|31) 2015-12-31

2015-01-09

1999-12-31

Yes

Yes

No

d.n’t\s{0,10}c.r. Don’t care

D!n’tcor0

Doesn’t care

Yes

Yes

No

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.