Pattern matching with various code or no-code tools is a critical skill in the security field. There are countless use cases, so sooner or later you'll need to write one of these patterns yourself.

## My general methodology

1. Find a use case for pattern matching. Here are some common security-related examples:
   - Writing detection logic
   - Writing exclusion patterns
   - Searching the file system based on a pattern
   - Performing log analysis
2. Gather as much data as you can that you want to match.
3. Throw that data into [Regexr](https://regexr.com/) or [Glob tool](https://www.digitalocean.com/community/tools/glob) and start crafting a pattern.
   - This works even better if you have true positive and false positive data to test against. For example, maybe you want to match `8.8.8.8` (a valid IP address) but not `123.456.789.123` (not a valid IP address).

## Regular expressions

[**Regexr**](https://regexr.com/) is a great tool for writing and testing regular expressions. If you are just getting started, I recommend starting simple with syntax like:

- `.` (any character)
- `|` (logical OR)
- `?` (make the previous character, set, or group optional)

**Regexr** will explain the different parts of your expression and show partial matches as you write it.

Regular expressions *can* be pretty complicated, but they can also be simple and still be incredibly powerful.

## Glob patterns

Globs are a bit simpler than regular expressions, and are typically used to match file paths. You might have seen them before in a `.gitignore` file.

[**Glob tool**](https://www.digitalocean.com/community/tools/glob) is similar to Regexr, but for glob patterns.

> [!tip] These tools are open-source!
> Both of these tools are open-source, and you can self-host them if you want.
> [`glob-tool` on GitHub](https://github.com/do-community/glob-tool)
> [`regexr` on GitHub](https://github.com/gskinner/regexr/)
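
Step 3 of the methodology, scripted as an added example (not part of the original post): two candidate IPv4 patterns are scored against must-match and must-not-match strings, then the better one is used to pull addresses out of a log line. The names `NAIVE`, `STRICT`, `evaluate` and `extract_ips` are hypothetical, and all sample data is constructed.

```python
import re

# Two candidate patterns for "valid IPv4 address" (assumptions for this example).
NAIVE = r"\d{1,3}(?:\.\d{1,3}){3}"
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"  # 0-255, no leading zeros
STRICT = rf"{OCTET}(?:\.{OCTET}){{3}}"

# Constructed test data: strings that must match and strings that must not.
SHOULD_MATCH = ["8.8.8.8", "192.168.0.1", "255.255.255.255", "0.0.0.0"]
SHOULD_NOT_MATCH = [
    "123.456.789.123",  # octets above 255
    "256.1.1.1",        # just out of range
    "1.2.3",            # too few octets
    "1.2.3.4.5",        # too many octets
    "8.8.8.8\n",        # trailing newline, which a `$` anchor would tolerate
    "\uff18.8.8.8",     # fullwidth digit; \d accepts it unless re.ASCII is set
]


def evaluate(pattern, should_match, should_not_match):
    """Return (missed, wrong): false negatives and false positives for a pattern."""
    rx = re.compile(pattern, re.ASCII)
    missed = [s for s in should_match if not rx.fullmatch(s)]
    wrong = [s for s in should_not_match if rx.fullmatch(s)]
    return missed, wrong


def extract_ips(pattern, line):
    """Find whole addresses in a log line. The lookarounds refuse partial hits,
    such as a shorter address hidden inside '123.45.67.890' or '1.2.3.4.5'."""
    rx = re.compile(rf"(?<!\d)(?<!\d\.){pattern}(?!\d|\.\d)", re.ASCII)
    return rx.findall(line)


if __name__ == "__main__":
    for name, pat in (("NAIVE", NAIVE), ("STRICT", STRICT)):
        missed, wrong = evaluate(pat, SHOULD_MATCH, SHOULD_NOT_MATCH)
        print(f"{name}: missed={missed} wrong={wrong}")
    # Constructed log line with one real address and one invalid look-alike.
    log = "sshd[812]: Failed password for root from 203.0.113.7 port 22, ref 123.456.789.123"
    print(extract_ips(STRICT, log))
```

A pattern is ready for a detection or exclusion rule only when both lists returned by `evaluate` are empty for the data you gathered.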