Only alert on valid SSNs

[moshekaplan]

It's possible I misunderstood the regex, but it seems like the pattern does not account for avoiding alerting on invalid SSNs. Here is the current pattern used:

ssn-exposure/scripts/main.zeek

Line 62 in 6b0b718

const ssn_regex = /([^0-9\-\.=\/\\%_]|^)\0?[0-6](\0?[0-9]){2}\0?[\.\-[:blank:]](\0?[0-9]){2}\0?[\.\-[:blank:]](\0?[0-9]){4}([^0-9\-\.=\/\\%_]|$)/ &redef;

Per https://secure.ssa.gov/poms.nsf/lnx/0110201035 :

identify invalid SSNs with:
•The first three digits (former area number) as "000," "666,” or in the 900 series.
•The second group of two digits (former group number) as "00."
•The third group of four digits (former serial number) as "0000."

Please consider updating the regex to only match valid SSNs

[hiteshbedre]

This might help you: https://www.geeksforgeeks.org/how-to-validate-ssn-social-security-number-using-regular-expression/