How to use Asterisks (*) in HIP OS match
4148
Created On 03/10/19 01:21 AM - Last Modified 04/18/19 20:42 PM
Question
There are several options for OS type in the drop-down including an 'Other'. If I use the 'Other' option with a wildcard ('*') in the field, will that log ALL OS? Will the * symbol work at all?
Environment
- PAN-OS
- HIP Object
- Global Protect
Answer
- For HIP OS Match, we just do a case insensitive substring match - we don't do a regular expression match.
- For example, if the OS value in the HIP report from the client is "Microsoft Windows 7 Enterprise Edition Service Pack 1, 64-bit" and if the user has configured Other -> "Micro" then the match will be successful because we're just checking if the configured string is a substring of the HIP Report's OS string. As a matter of fact, you could even configure "Edition" and the match would be successful.
- If however, Other -> "Micro*" is entered then it will fail because the substring match will fail.
- Since we don't do a regular expression match for HIP OS, we cannot use asterisk as HIP OS match.