Describe the bug
I am trying to edit an existing cortex analyzer (Urlscan_io_Search_0_1_1) to add a new feature. I want to add to this existing analyzer an extra option for a regex based search through Urlscan's capability to search using URL keyword regex. The issue raises when I use a "\" character and cortex adds an extra "\" character.
To Reproduce
Steps to reproduce the behavior:
Create or edit an analyzer and use as datatype regexp in Service Interaction File.
Use the analyzer and give as an input a regex with "\" character in. For example "http\:\/\/domain.test"
Then the cortex will change the regex into "http\:\/\/domain\.test"
Expected behavior
In this occasion we will expect to use "\" character as it is without cortex adding an extra "\" character".
The same problem rises when running OpenCTI_SearchObservables_2_0 analyzer with regexp option.
Describe the bug I am trying to edit an existing cortex analyzer (Urlscan_io_Search_0_1_1) to add a new feature. I want to add to this existing analyzer an extra option for a regex based search through Urlscan's capability to search using URL keyword regex. The issue raises when I use a "\" character and cortex adds an extra "\" character.
To Reproduce Steps to reproduce the behavior:
Create or edit an analyzer and use as datatype regexp in Service Interaction File. Use the analyzer and give as an input a regex with "\" character in. For example "http\:\/\/domain.test" Then the cortex will change the regex into "http\:\/\/domain\.test" Expected behavior In this occasion we will expect to use "\" character as it is without cortex adding an extra "\" character". The same problem rises when running OpenCTI_SearchObservables_2_0 analyzer with regexp option.