Hey all — I’m trying to answer this prompt: “Write a regular expression to match on any IP address. How many DNS answers contain an IP address?” It is my last question on “3.2 - Discover - Searching with KQL and Lucene” and i have been stuck at it for a good amount of time any help appreciated
Thank you.
Hello @Mayad_Koujah
Welcome to the Community!!
Training : Elastic Security for SIEM
3.2 - Discover - Searching with KQL and Lucene:
Write a regular expression to match on any IP address. How many dns answers contain an IP address?
Since it is a regular expression we need to use Lucene.
index : ecs-zeek-*
Day 0
dns.answers.name : /([0-9]{1,3}.){3}[0-9]{1,3}/
We get => 8342
Thanks!!
thank you so much if you can please provide a quick simple explanation it would be much appreciated
Sure @Mayad_Koujah , I have shared the explanation.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.