
I want to exclude some specific words, and if those words don't match, then it should match an MD5 hash, for example.

Here is a small log as an example:

```
"value": "ef51be4506d7d287abc8c26ea6c495f6", "u_jira_status": "", "u_quarter_closed": "", "file_hash": "ef51be4506d7d287abc8c26ea6c495f6", "escalation": "0", "upon_approval": "proceed", "correlation_id": "", "cyber_kill_change": "ef51be4506d7d287abc8c26ea6c495f6", "sys_id": "ef51be4506d7d287abc8c26ea6c495f6", "u_business_service": "", "destination_ip": "ef51be4506d7d287abc8c26ea6c495f6", u'test': u'9db92f08db4f951423c87d84f39619ef'
```

As you can see, there are multiple values that should match, just excluding "value" and "id".

Here is the regex I am using so far:

```
([^value|^id](\":\s\"|':\su')\b)[a-fA-F\d]{32}\b
```

I know that `[value|id]`=`(v|a|l|u|e|i|d)`, so this is not what I want; I want to exclude the words, not just the letters. So I need another option to exclude those words. I cannot use "<", "!", "=" or "*", so something like `(?<!value|id)` is not an option for me.

There are two cases where after the exclusion there could be `"something": "hash"` or `'something': u'hash'`.

With the previous regex the result is the following. Test example

The result is excluding value and id as expected, but there is a value called "cyber_kill_change" that is not matching for some reason, and for the other ones it is matching "file_hash", "destination_ip" and 'test' as expected. Now, as you can see in the previous image, the matches are:

```
h": "ef51be4506d7d287abc8c26ea6c495f6
p": "ef51be4506d7d287abc8c26ea6c495f6
t': u'9db92f08db4f951423c87d84f39619ef
```

I'm looking for a result where the MD5 is shown, something like the following:

9db92f08db4f951423c87d84f39619ef

Can someone explain to me how to match correctly, please?

Note: For the exclusions I cannot use something similar to `(?<!value|id)`. The < and ! are not accepted by the software where I want to add the regex. If it helps, I am trying to use this regex for XSOAR; here is some documentation of the permitted syntax.

RemDosal
  • Don't try to use regular expressions to process JSON. Use a JSON parser, then process the resulting data. – Barmar Nov 10 '22 at 18:07
  • Thanks for the responses. The software I'm using is XSOAR; there is a module where you can extract some patterns, and I can only use regex for this. I know that it is not the best option for JSON, but it is the only one that I have. This module does not permit *; actually, I tried something like `\b(?:value|id)(*SKIP)(*FAIL)` but it is not allowed because of the *. The flavor is Python. – RemDosal Nov 10 '22 at 18:28
  • The regex engine for that tool seems to support a limited set of features. Perhaps try it like this with a capture group `value": "[a-fA-F\d]{32}"|id": "[a-fA-F\d]{32}"|"([a-fA-F\d]{32})"` https://regex101.com/r/3bjpNp/1 – The fourth bird Nov 12 '22 at 09:12

0 Answers
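The alternation-with-capture-group idea from the last comment, worked through in Python as an added example (not code from the question or its comments), extended to cover the `': u'` separator as well. It assumes keys ending in "value" or "id" are the ones to skip, as in the comment's pattern; `build_pattern`, `extract_hashes` and `SAMPLE` are names made up here, and whether the XSOAR module returns group 1 is not stated on the page.

```python
import re

# Characters the question says the tool rejects in a pattern.
FORBIDDEN = set("<!=*")

SEP = r"""(?:":\s"|':\su')"""  # key/value separator: `": "` or `': u'`
MD5 = r"[a-fA-F\d]{32}"


def build_pattern(excluded_suffixes=("value", "id")):
    """Branch 1 consumes hashes under excluded keys without capturing;
    branch 2 captures every other hash in group 1."""
    skip = "|".join(re.escape(s) for s in excluded_suffixes)
    pattern = rf"(?:{skip}){SEP}{MD5}\b|{SEP}({MD5})\b"
    if FORBIDDEN & set(pattern):
        raise ValueError("pattern uses a character the tool rejects")
    return re.compile(pattern)


def extract_hashes(text, excluded_suffixes=("value", "id")):
    rx = build_pattern(excluded_suffixes)
    # Group 1 is None whenever the skip branch matched, so those are dropped.
    return [m.group(1) for m in rx.finditer(text) if m.group(1)]


# Abridged from the log line in the question (some empty fields dropped).
SAMPLE = (
    '"value": "ef51be4506d7d287abc8c26ea6c495f6", "u_jira_status": "", '
    '"file_hash": "ef51be4506d7d287abc8c26ea6c495f6", "correlation_id": "", '
    '"cyber_kill_change": "ef51be4506d7d287abc8c26ea6c495f6", '
    '"sys_id": "ef51be4506d7d287abc8c26ea6c495f6", '
    '"destination_ip": "ef51be4506d7d287abc8c26ea6c495f6", '
    "u'test': u'9db92f08db4f951423c87d84f39619ef'"
)

if __name__ == "__main__":
    print(build_pattern().pattern)
    for h in extract_hashes(SAMPLE):
        print(h)
```

Because the skip branch is tried first and the scan runs left to right, the hash under an excluded key is consumed before the capturing branch can reach its separator.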