How do I test Derived Field Search Patterns?

Last Updated: 5/13/24

 

Overview

Testing is done outside of the NopSec Platform for now, however, it is part of our goals to introduce new Query Operators which should allow users to test most Search Patterns.

Search Patterns within Derived Fields are meant to be used when looking for a very specific value to use as the source for the Derived Field. 

  • NopSec fields that are stored as a list such as IP Address, MAC Address benefit from being able to use a search pattern to find the specific value you'd like to use.  
    • ["127.0.0.1", "10.0.0.1", "7.103.24.55"]
    • By default, without specifying a search pattern NopSec will take the first item in the list, in this case 127.0.0.1 which may not be what you expected.
    • If you wanted to use the internal IP address you can provide a search pattern such as:
      • Starts with: 10.0.
      • Contains: 10.0.0
    • Vs if you wanted to use your external IP Address scheme you can do:
      • Starts with 7.103
  • Tags may be created with some structure within the naming convention that you may want to be able to find a specific value using a search pattern. 

Operators

  • Is Exact
  • Contains
  • Starts With
  • Ends With
  • Regex

Testing

If you want to test Is Exact, Contains, Starts With, Ends With then we recommend:

  • Export a Report CSV making sure it contains the columns for the fields you will use in your rules
  • Open the CSV file in Excel or Google Sheets or your favorite Spreadsheet tool
  • Create a filter view
    • Typically, select all header columns and open the Data menu and select Create Filter
  • Click on the Filter for the column you want to test
  • You should be able to test the above operators in your tool. 
  • You can then copy paste the string you used to test into your derived fields rule.

If you want to test Regex, then we recommend:

  • Export a Report CSV making sure it contains the columns for the fields you will use in your rules
  • Open the CSV file in Excel or Google Sheets or your favorite Spreadsheet tool
  • Copy the values out of the column you want to test
  • Open up a Regex Testing tool such as:
    • https://regexr.com
    • https://regex101.com/
  • Paste your values into the test data section
  • Test your search patterns within the tool
  • Copy the search pattern from the tool to the Derived Fields rule