Parse Suricata rules

Project description

parsuricata

Parse Suricata rules

Installation

pip install parsuricata

Usage

from parsuricata import parse_rules

source = '''
  alert http $HOME_NET any -> !$HOME_NET any (msg: "hi mum!"; content: "heymum"; http_uri; sid: 1;)
'''

rules = parse_rules(source)
print(rules)
#
# alert http $HOME_NET any -> !$HOME_NET any ( \
#   msg: hi mum!; \
#   content: heymum; \
#   http_uri; \
#   sid: 1; \
# )

rule = rules[0]

print(rule.action)
# alert

print(rule.protocol)
# http

print(rule.src)
# $HOME_NET

print(rule.src_port)
# any

print(rule.direction)
# ->

print(rule.dst)
# !$HOME_NET

print(rule.dst_port)
# any

for option in rule.options:
    print(f'{option.keyword} = {option.settings}')
#
# msg = hi mum!
# content = heymum
# http_uri = None
# sid = 1

Project details

Release history Release notifications | RSS feed

This version

0.1.1

May 14, 2019

0.1.0

May 14, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for parsuricata, version 0.1.1
Filename, size	File type	Python version	Upload date	Hashes
Filename, size parsuricata-0.1.1-py3-none-any.whl (4.3 kB)	File type Wheel	Python version py3	Upload date May 14, 2019	Hashes View
Filename, size parsuricata-0.1.1.tar.gz (3.8 kB)	File type Source	Python version None	Upload date May 14, 2019	Hashes View

Hashes for parsuricata-0.1.1-py3-none-any.whl

Hashes for parsuricata-0.1.1-py3-none-any.whl
Algorithm	Hash digest
SHA256	`f0ac405f01f972defe281d2e4324916e80da2eb5ed5e210cbfbf966b29892295`
MD5	`fd267105f5920037365a02d966a4c0d2`
BLAKE2-256	`442ae9596fb73882ca9d2b1c7b33d981c3881b5d4b636befc34053d829d8adda`

Hashes for parsuricata-0.1.1.tar.gz

Hashes for parsuricata-0.1.1.tar.gz
Algorithm	Hash digest
SHA256	`ce8e9bf4e9398b698a1af499e03869990761012979bbc6287a4acde07513a4b0`
MD5	`7c2dfe2cb2e8a0862b8bc8c372756716`
BLAKE2-256	`446152715526fc541243f875f109cec0b67ae5b5d4b36685ea4c60ec3178f56d`