Regular Expression Search

This option lets you create signatures that contain Perl-compatible regular expressions (the syntax is documented at http://perldoc.perl.org/perlre.html):

.pcre="regex_str";

In addition to the = operator, the != operator can be used. With !=, the signature matches packets that do not contain the specified regular expression.

The parameter has the following general format:

.pcre="regex_str"; [.where=<MODE>;] [.distance=<RANGE>[,<MODE>];] [.within=<RANGE>[,<MODE>];] [.service=<MODE>;]

The search area modifiers (.where, .distance, .within, .service) are described later.

When writing a signature, several .pcre parameters can be used to reduce the number of false positives.
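
The following is an added example, not part of the original documentation: a small Python model of how several .pcre conditions, including a negated (!=) one, narrow a signature and remove false positives. It assumes that all .pcre parameters of one signature must hold together, uses Python's re module as a stand-in for the Perl-compatible engine, and ignores the search area modifiers; the signatures, payloads and function names are constructed for illustration.

```python
import re

# Finds .pcre="..."; and .pcre!="..."; parameters in a signature string.
# Simplification: the quoted regex itself must not contain a double quote.
PCRE_PARAM = re.compile(r'\.pcre(!?=)"([^"]*)";')

def parse_pcre_params(signature):
    """Return [(negated, compiled_regex), ...] for each .pcre parameter."""
    return [(op == "!=", re.compile(body.encode()))
            for op, body in PCRE_PARAM.findall(signature)]

def signature_matches(signature, payload):
    """Assumption: every .pcre condition must hold (logical AND)."""
    params = parse_pcre_params(signature)
    if not params:
        raise ValueError("no .pcre parameter found")
    for negated, rx in params:
        found = rx.search(payload) is not None
        # '=' requires a match, '!=' requires the absence of a match.
        if found == negated:
            return False
    return True

# Constructed signatures: one loose expression, then a tighter expression
# combined with a negated one that excludes documentation pages.
LOOSE = r'.pcre="(?i)select.+from";'
TIGHT = r'.pcre="(?i)union(\+|%20)select"; .pcre!="^GET /docs/";'

# Constructed payloads (first line of an HTTP request).
PAYLOADS = {
    "benign_search": b"GET /search?q=select+a+gift+from+our+catalog HTTP/1.1\r\n",
    "docs_page": b"GET /docs/sql?example=union+select+name+from+users HTTP/1.1\r\n",
    "suspicious": b"GET /item?id=1+union+select+name+from+users HTTP/1.1\r\n",
}

def evaluate(signature):
    """Map each sample payload name to whether the signature fires on it."""
    return {name: signature_matches(signature, data)
            for name, data in PAYLOADS.items()}

if __name__ == "__main__":
    print("loose:", evaluate(LOOSE))
    print("tight:", evaluate(TIGHT))
```

The loose signature fires on all three payloads, while the combined one fires only on the request that is neither a plain search nor a documentation page.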