Skip to main content

Format and syntax highlight Suricata rules

Project description

suricata-prettifier

Snake-powered pipe cleaner eats single-line Suricata rules and poops out pleasantly-spaced, vibrantly-coloured delicacies straight to your plate. Examine this exemplary example:

alert tcp $HOME_NET any -> 94.242.238.242 6565 (msg:"EmergingThreats:Indicator-2405101"; flow:to_server,established; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 360, count 1; classtype:trojan-activity; flowbits:set,ET.Evil; flowbits:set,ET.BotccIP; sid: 533; rev:4991;)

Now watch as the snake-babies devour such fine a morsel – the last food for winter – then travel northward to return to their mates, leaving behind their season's work:

Snake poop

alert tcp $HOME_NET any -> 94.242.238.242 6565 ( \
  msg: "EmergingThreats:Indicator-2405101"; \
  flow: to_server,established; \
  flags: S; \
  reference: url,doc.emergingthreats.net/bin/view/Main/BotCC; \
  reference: url,www.shadowserver.org; \
  threshold: type limit, track by_src, seconds 360, count 1; \
  classtype: trojan-activity; \
  flowbits: set,ET.Evil; \
  flowbits: set,ET.BotccIP; \
  sid: 533; \
  rev: 4991; \
)

Note: options with line continuations tested working with Suricata 4.0.4

Installation

pip install suricata-prettifier

Usage

Highlight and format right in your console. Wow.

prettify-suricata input.rules

Use it to generate sweet posts for your LiveJournal (Netscape Navigator required to view)

prettify-suricata -f html input.rules input.formatted.html style=vim full=True

Read from stdin and write to stdout to create your own pipe dream

head -n 50 input.rules | prettify-suricata -f html - - style=vim full=True | tee input.formatted.html

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

suricata-prettifier-0.0.5.tar.gz (5.0 kB view details)

Uploaded Source

File details

Details for the file suricata-prettifier-0.0.5.tar.gz.

File metadata

  • Download URL: suricata-prettifier-0.0.5.tar.gz
  • Upload date:
  • Size: 5.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.22.0 setuptools/42.0.1 requests-toolbelt/0.9.1 tqdm/4.39.0 CPython/3.8.0b4

File hashes

Hashes for suricata-prettifier-0.0.5.tar.gz
Algorithm Hash digest
SHA256 a4fa16897410489a863520ae689ad0c0037b5bc59cd1a8c9c74d76be95b4a1e4
MD5 d1f3e78b4118aaefbafe8b57d37cbb24
BLAKE2b-256 67c65adcce1e824b7e7a0c77a70f8e591d8c6927e7024c2f348815f537852d03

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page