Skip to main content

Format and syntax highlight Suricata rules

Project description

suricata-prettifier

Snake-powered pipe cleaner eats single-line Suricata rules and poops out pleasantly-spaced, vibrantly-coloured delicacies straight to your plate. Examine this exemplary example:

alert tcp $HOME_NET any -> 94.242.238.242 6565 (msg:"EmergingThreats:Indicator-2405101"; flow:to_server,established; flags:S; reference:url,doc.emergingthreats.net/bin/view/Main/BotCC; reference:url,www.shadowserver.org; threshold: type limit, track by_src, seconds 360, count 1; classtype:trojan-activity; flowbits:set,ET.Evil; flowbits:set,ET.BotccIP; sid: 533; rev:4991;)

Now watch as the snake-babies devour such fine a morsel – the last food for winter – then travel northward to return to their mates, leaving behind their season's work:

Snake poop

alert tcp $HOME_NET any -> 94.242.238.242 6565 ( \
  msg: "EmergingThreats:Indicator-2405101"; \
  flow: to_server,established; \
  flags: S; \
  reference: url,doc.emergingthreats.net/bin/view/Main/BotCC; \
  reference: url,www.shadowserver.org; \
  threshold: type limit, track by_src, seconds 360, count 1; \
  classtype: trojan-activity; \
  flowbits: set,ET.Evil; \
  flowbits: set,ET.BotccIP; \
  sid: 533; \
  rev: 4991; \
)

Note: options with line continuations tested working with Suricata 4.0.4

Installation

pip install suricata-prettifier

Usage

Highlight and format right in your console. Wow.

prettify-suricata input.rules

Use it to generate sweet posts for your LiveJournal (Netscape Navigator required to view)

prettify-suricata -f html input.rules input.formatted.html style=vim full=True

Read from stdin and write to stdout to create your own pipe dream

head -n 50 input.rules | prettify-suricata -f html - - style=vim full=True | tee input.formatted.html

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for suricata-prettifier, version 0.0.4
Filename, size File type Python version Upload date Hashes
Filename, size suricata-prettifier-0.0.4.tar.gz (4.6 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page