RegEx for non-delimited SSNs


L0 Member

Using the built-in non-delimited SSN data pattern generates too many false positives to be useful for us.  I therefore want to build a regex that will accomplish the same thing.  It appears that the regex engine in the Palo Alto is very limited in what it can handle.  For example, it does not recognize "\b", any "(?" construct, or "{n}" pattern counts.  How can I create a regex that will look for valid SSNs that are word-boundary delimited?  Note that due to the nature of my business, I cannot count on any specific text string appearing in a file that contains SSNs.  There are various characteristics I can likely count on, but they all require variable and optional pattern matching.

Also, what is the actual overhead associated with checking outbound documents using a regex?  Will I see a significant performance hit?

1 REPLY 1

L5 Sessionator

Hi,

After testing on my side, it seems that, for your request, the regex support implemented in the PA today will not be enough for your needs.

Maybe you can make a feature request to your local PA SE.

In https://live.paloaltonetworks.com/docs/DOC-4118 you will be able to find info concerning data pattern limitations.

v.
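The pattern the question asks for can be written without `\b`, any `(?` construct or `{n}` counts. The sketch below is an added example, not part of the original thread and not Palo Alto code. It is run with Python's `re`, and it assumes plain groups, alternation, character classes, `^` and `$` are available; whether the firewall engine accepts it is not verified here. The structural checks (area not 000, 666 or 900-999; group not 00; serial not 0000) and all names and sample values are constructed for illustration.

```python
import re

# Built only from literals, character classes, plain groups, alternation,
# ^ and $ (no \b, no "(?" construct, no "{n}" counts).
AREA = (r"(00[1-9]|0[1-9][0-9]|[1-5][0-9][0-9]|6[0-5][0-9]"
        r"|66[0-57-9]|6[7-9][0-9]|[78][0-9][0-9])")      # not 000, 666, 9xx
GROUP = r"(0[1-9]|[1-9][0-9])"                            # not 00
SERIAL = (r"(000[1-9]|00[1-9][0-9]|0[1-9][0-9][0-9]"
          r"|[1-9][0-9][0-9][0-9])")                      # not 0000
# Word boundary emulated by consuming one non-word character (or the
# start/end of the input) on each side of the nine digits.
EDGE_L = r"(^|[^0-9A-Za-z_])"
EDGE_R = r"($|[^0-9A-Za-z_])"
SSN = re.compile(EDGE_L + "(" + AREA + GROUP + SERIAL + ")" + EDGE_R)


def find_ssns(text):
    """Return every boundary-delimited, structurally valid 9-digit SSN."""
    hits, pos = [], 0
    while True:
        m = SSN.search(text, pos)
        if m is None:
            return hits
        hits.append(m.group(2))
        # The emulated boundary consumes the delimiter on the right, so
        # resume at the end of the digits: that delimiter can then act as
        # the left edge of the next candidate ("123456789,665998999").
        pos = m.end(2)


# Constructed sample text; none of these values comes from real data.
SAMPLE = ("id 123456789,665998999 x123456789y 000123456 666123456 "
          "900123456 123006789 123450000 1234567890\n001010001")

if __name__ == "__main__":
    print(find_ssns(SAMPLE))
```

A single pass that does not rewind (`SSN.finditer`) misses the second of two numbers separated by one delimiter, because the delimiter is already consumed as the right edge of the first match.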
