Parse Suricata rules
Project description
parsuricata
Parse Suricata rules
Installation
pip install parsuricata
Usage
from parsuricata import parse_rules
source = '''
alert http $HOME_NET any -> !$HOME_NET any (msg: "hi mum!"; content: "heymum"; http_uri; sid: 1;)
'''
rules = parse_rules(source)
print(rules)
#
# alert http $HOME_NET any -> !$HOME_NET any ( \
# msg: hi mum!; \
# content: heymum; \
# http_uri; \
# sid: 1; \
# )
rule = rules[0]
print(rule.action)
# alert
print(rule.protocol)
# http
print(rule.src)
# $HOME_NET
print(rule.src_port)
# any
print(rule.direction)
# ->
print(rule.dst)
# !$HOME_NET
print(rule.dst_port)
# any
for option in rule.options:
print(f'{option.keyword} = {option.settings}')
#
# msg = hi mum!
# content = heymum
# http_uri = None
# sid = 1
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
parsuricata-0.1.1.tar.gz
(3.8 kB
view hashes)
Built Distribution
Close
Hashes for parsuricata-0.1.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | f0ac405f01f972defe281d2e4324916e80da2eb5ed5e210cbfbf966b29892295 |
|
MD5 | fd267105f5920037365a02d966a4c0d2 |
|
BLAKE2b-256 | 442ae9596fb73882ca9d2b1c7b33d981c3881b5d4b636befc34053d829d8adda |