Parse Suricata rules
Project description
parsuricata
Parse Suricata rules
Installation
pip install parsuricata
Usage
from parsuricata import parse_rules
source = '''
alert http $HOME_NET any -> !$HOME_NET any (msg: "hi mum!"; content: "heymum"; http_uri; sid: 1;)
'''
rules = parse_rules(source)
print(rules)
#
# alert http $HOME_NET any -> !$HOME_NET any ( \
# msg: hi mum!; \
# content: heymum; \
# http_uri; \
# sid: 1; \
# )
rule = rules[0]
print(rule.action)
# alert
print(rule.protocol)
# http
print(rule.src)
# $HOME_NET
print(rule.src_port)
# any
print(rule.direction)
# ->
print(rule.dst)
# !$HOME_NET
print(rule.dst_port)
# any
for option in rule.options:
print(f'{option.keyword} = {option.settings}')
#
# msg = hi mum!
# content = heymum
# http_uri = None
# sid = 1
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
parsuricata-0.4.1.tar.gz
(8.2 kB
view hashes)
Built Distribution
Close
Hashes for parsuricata-0.4.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | e6c4c46e2447d7067e67e170823a9a6fc7ae1faa8405333c9fb9c965dc481134 |
|
| MD5 | b1c6b40f22dbf42fbba344a7ccb1a7ae |
|
| BLAKE2b-256 | 96fcdfe0d0458c7c2843ffd1be5da1b4a6b2f790dd5c4a74a97a4a5b73597d02 |
