Package for parsing and generating Snort/Suricata rules.
Project description
suricataparser
Pure Python package for parsing and generating Snort/Suricata rules.
Installation
via pip:
pip install suricataparser
via Poetry:
poetry add suricataparser
Project status
Suricataparser is complete; the API is stable and frozen. If you find a bug, create an issue.
Usage examples
Parse a file of rules:
from suricataparser import parse_file
rules = parse_file("suricata.rules")
Parse a raw rule:
from suricataparser import parse_rule
rule = parse_rule('alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)')
Parse a string containing many rules:
from suricataparser import parse_rules
rules_object = "..."
rules = parse_rules(rules_object)
View rule properties:
>>> rule.sid
1
>>> rule.action
alert
>>> rule.header
tcp any any -> any any
>>> rule.msg
'"Msg"'
Turn a rule on or off (a disabled rule is printed with a leading '#'):
>>> rule.enabled
True
>>> rule.enabled = False
>>> print(rule)
# alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)
Modify options:
>>> rule.add_option("http_uri")
>>> rule.add_option("key", "value")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri; key: value;)
>>> rule.pop_option("key")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri;)
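As an added worked example that is not part of suricataparser itself, the following stand-alone parser implements the rule grammar the examples above rely on (an optional leading '#' for a disabled rule, then action, header and ';'-terminated options) and reproduces the enable/disable, add_option and pop_option behaviour shown above. It round-trips rules byte-for-byte, whereas the library prints a space after each option colon; the names Rule, split_options and get are this example's own.

```python
import re
from dataclasses import dataclass, field

# Added example, not suricataparser's own code: a minimal parser/serializer for the
# rule syntax shown on this page. A leading '#' marks a disabled rule; each option is "name;" or "name:value;".
RULE_RE = re.compile(r"^(?P<off>#\s*)?(?P<action>\w+)\s+(?P<header>[^(]+?)\s*\((?P<opts>.*)\)$")
# One option up to its ';'. A ';' inside double quotes or after a backslash does not end the option.
OPT_RE = re.compile(r'\s*((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")*);')


def split_options(body):
    parts, pos = [], 0
    for m in OPT_RE.finditer(body):
        if m.start() != pos:  # text between matches means an unbalanced quote or stray character
            raise ValueError(f"malformed option text near {body[pos:]!r}")
        parts.append(m.group(1).strip())
        pos = m.end()
    if body[pos:].strip():  # Suricata requires every option, including the last, to end with ';'
        raise ValueError(f"option not terminated by ';': {body[pos:]!r}")
    return [p for p in parts if p]


@dataclass
class Rule:
    action: str
    header: str
    options: list = field(default_factory=list)  # [(name, value or None), ...] in rule order
    enabled: bool = True

    def get(self, name):
        return next((v for k, v in self.options if k == name), None)

    def add_option(self, name, value=None):
        self.options.append((name, value))

    def pop_option(self, name):
        self.options = [(k, v) for k, v in self.options if k != name]

    def __str__(self):
        opts = " ".join(f"{k}:{v};" if v is not None else f"{k};" for k, v in self.options)
        text = f"{self.action} {self.header} ({opts})"
        return text if self.enabled else "# " + text


def parse_rule(text):
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a Suricata rule: {text!r}")
    pairs = [p.split(":", 1) if ":" in p else [p, None] for p in split_options(m["opts"])]
    options = [(k.strip(), None if v is None else v.strip()) for k, v in pairs]
    return Rule(m["action"], m["header"].strip(), options, enabled=m["off"] is None)
```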
Project details
Download files
Source Distribution
suricataparser-1.0.0.tar.gz (8.1 kB)
Built Distribution
Hashes for suricataparser-1.0.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | e36d2bdae14d3b7be79d2412a2753a36fc30a2ddd702f357f4e3688a9b011d53
MD5 | 1fa739255eee2a62bc53d81526e05ce3
BLAKE2b-256 | 9dd2065d97b6212fafabc05da7c7d563fcb6fe6a796f1dde0274936b7ad774d0