
Package for parsing and generating Snort/Suricata rules.

Project description

suricataparser


Pure python package for parsing and generating Snort/Suricata rules.

Installation

via pip:

pip install suricataparser

via Poetry:

poetry add suricataparser

Project status

Suricataparser is complete; the API is stable and frozen. If you find a bug, create an issue.

Usage examples

Parse file with rules:

from suricataparser import parse_file

rules = parse_file("suricata.rules")

Parse raw rule:

from suricataparser import parse_rule

rule = parse_rule('alert tcp any any -> any any (sid:1; gid:1;)')

Parse string with many rules:

from suricataparser import parse_rules

rules_object = "..."
rules = parse_rules(rules_object)

View rule properties (the rule below was parsed from 'alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)'; the rule parsed in the previous example has no msg option). Note that sid is returned as an integer and that msg keeps its surrounding double quotes:

>>> rule.sid
1

>>> rule.action
'alert'

>>> rule.header
'tcp any any -> any any'

>>> rule.msg
'"Msg"'

Turn on/off rule:

>>> rule.enabled
True

>>> rule.enabled = False
>>> print(rule)
# alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)

Modify options:

>>> rule.add_option("http_uri")
>>> rule.add_option("key", "value")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri; key: value;)

>>> rule.pop_option("key")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri;)

Download files

Source Distribution: suricataparser-1.0.0.tar.gz (8.1 kB)

Built Distribution: suricataparser-1.0.0-py3-none-any.whl (8.7 kB, Python 3)
