Parse Suricata rules

Project description

parsuricata

Parse Suricata rules

Installation

pip install parsuricata

Usage

from parsuricata import parse_rules

source = '''
  alert http $HOME_NET any -> !$HOME_NET any (msg: "hi mum!"; content: "heymum"; http_uri; sid: 1;)
'''

rules = parse_rules(source)
print(rules)
#
# alert http $HOME_NET any -> !$HOME_NET any ( \
#   msg: hi mum!; \
#   content: heymum; \
#   http_uri; \
#   sid: 1; \
# )

rule = rules[0]

print(rule.action)
# alert

print(rule.protocol)
# http

print(rule.src)
# $HOME_NET

print(rule.src_port)
# any

print(rule.direction)
# ->

print(rule.dst)
# !$HOME_NET

print(rule.dst_port)
# any

for option in rule.options:
    print(f'{option.keyword} = {option.settings}')
#
# msg = hi mum!
# content = heymum
# http_uri = None
# sid = 1

Project details

Release history Release notifications | RSS feed

This version

0.3.2

Oct 21, 2021

0.3.1

Oct 7, 2021

0.3.0

Oct 7, 2021

0.2.4

Sep 28, 2021

0.2.3

May 8, 2021

0.2.2

May 8, 2021

0.2.1

May 7, 2021

0.1.1

May 14, 2019

0.1.0

May 14, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

parsuricata-0.3.2.tar.gz (8.0 kB view hashes)

Uploaded Oct 21, 2021 source

Built Distribution

parsuricata-0.3.2-py3-none-any.whl (5.6 kB view hashes)

Uploaded Oct 21, 2021 py3

Hashes for parsuricata-0.3.2.tar.gz

Hashes for parsuricata-0.3.2.tar.gz
Algorithm	Hash digest
SHA256	`dbf9020bff5b0501a0d06ccccbaa13d3437575f9af363eb5ddb6cf3a9b6408eb`
MD5	`d175b082091df637154ede37fef43d84`
BLAKE2-256	`35a154b9f00a0324f2da9839c5d3ed6ea88c2cf01c05c7001f4df4209357d574`

Hashes for parsuricata-0.3.2-py3-none-any.whl

Hashes for parsuricata-0.3.2-py3-none-any.whl
Algorithm	Hash digest
SHA256	`2eb175c5e387f33a0ae6f7cc3120fe41a0f19dc95ebc7c47705187c233f8437a`
MD5	`41b1c3e9a6340fc230e5d5b5291a05af`
BLAKE2-256	`6e5d5ec91e26931eb6636f7034140e923dfb9bcc6a50c4e268a85ebf3e43e896`