
Package for parsing and generating Snort/Suricata rules.

Project description

suricataparser


Pure python package for parsing and generating Snort/Suricata rules.

Installation

via pip:

pip install suricataparser

via Poetry:

poetry add suricataparser

Project status

Suricataparser is complete; the API is stable and frozen. If you find a bug, open an issue.

Usage examples

Parse a file of rules:

from suricataparser import parse_file

rules = parse_file("suricata.rules")

Parse a single raw rule string:

from suricataparser import parse_rule

rule = parse_rule('alert tcp any any -> any any (sid:1; gid:1;)')

Parse a string containing many rules (one rule per line):

from suricataparser import parse_rules

rules_object = "..."
rules = parse_rules(rules_object)

View rule properties (the values below are for a rule that also carries msg:"Msg", as in the later examples; note that rule.msg returns the value with its surrounding quotes):

>>> rule.sid
1

>>> rule.action
alert

>>> rule.header
tcp any any -> any any

>>> rule.msg
'"Msg"'

Enable or disable a rule (a disabled rule is printed with a leading "# ", i.e. as a commented-out rule line):

>>> rule.enabled
True

>>> rule.enabled = False
>>> print(rule)
# alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)

Modify options:

>>> rule.add_option("http_uri")
>>> rule.add_option("key", "value")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri; key: value;)

>>> rule.pop_option("key")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri;)
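The behaviour shown in the usage examples above (parse_rules, the sid and msg properties, the "# " prefix of a disabled rule, add_option and pop_option), as an added, self-contained illustration. This is not suricataparser's own code: it is a minimal pure-Python parser and serializer for the same rule syntax, written for this page, with a constructed sample rule set embedded. It shows the two things any parser of this format has to get right: a semicolon or quote inside a quoted option value must not split the option, and a line starting with "#" is a disabled rule only if what follows still parses as a rule (otherwise it is an ordinary comment). Output spacing ("key:value;") is a choice of this example, not a statement about the package's own print(rule) output.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Added example, not suricataparser's own code: a minimal parser and serializer for
# Snort/Suricata rule syntax, written to show what parse_rules(), rule.sid / rule.msg,
# rule.enabled and add_option()/pop_option() have to deal with.

ACTIONS = {"alert", "drop", "reject", "pass", "log"}
HEADER_RE = re.compile(r"^(?P<action>\w+)\s+(?P<header>.+?)\s*\((?P<body>.*)\)\s*$")

# Constructed sample: a plain comment, a rule with ';' inside quotes and an escaped ';'
# in content, a commented-out (disabled) rule, a rule with a comma-separated option
# value, and a line that is not a rule at all.
SAMPLE_RULES = """\
# local.rules (constructed sample)
alert tcp any any -> any any (msg:"Semicolon; inside quotes"; content:"a\\;b"; sid:1; gid:1; rev:2;)
# alert http any any -> any any (msg:"Disabled rule"; http_uri; content:"/admin"; sid:2; rev:1;)
drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"SSH brute force"; flags:S; threshold:type both, track by_src, count 5, seconds 60; sid:3; rev:1;)
not a rule at all
"""


@dataclass
class Rule:
    enabled: bool
    action: str
    header: str
    # ordered (name, value) pairs; value is None for flag options such as http_uri
    options: List[Tuple[str, Optional[str]]] = field(default_factory=list)

    def has_option(self, name: str) -> bool:
        return any(key == name for key, _ in self.options)

    def get_option(self, name: str) -> Optional[str]:
        for key, value in self.options:
            if key == name:
                return value
        return None

    @property
    def sid(self) -> Optional[int]:
        value = self.get_option("sid")
        return int(value) if value is not None else None

    @property
    def msg(self) -> Optional[str]:
        return self.get_option("msg")          # quotes are kept, as in the page's example

    def add_option(self, name: str, value: Optional[str] = None) -> None:
        self.options.append((name, value))

    def pop_option(self, name: str) -> None:
        self.options = [(k, v) for k, v in self.options if k != name]

    def __str__(self) -> str:
        body = " ".join(f"{k};" if v is None else f"{k}:{v};" for k, v in self.options)
        text = f"{self.action} {self.header} ({body})"
        return text if self.enabled else "# " + text


def split_options(body: str) -> List[Tuple[str, Optional[str]]]:
    """Split the option body on ';' characters that are not quoted or backslash-escaped."""
    options, current, in_quotes, i = [], [], False, 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):     # keep escapes such as \" and \; verbatim
            current.append(ch + body[i + 1])
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == ";" and not in_quotes:
            token = "".join(current).strip()
            if token:
                name, sep, value = token.partition(":")   # split on the first ':' only
                options.append((name.strip(), value.strip() if sep else None))
            current = []
        else:
            current.append(ch)
        i += 1
    if in_quotes:
        raise ValueError("unterminated quoted value in rule options")
    if "".join(current).strip():
        raise ValueError("trailing option without terminating ';'")
    return options


def parse_rule(line: str) -> Optional[Rule]:
    """Return a Rule for a rule line (enabled or commented out), else None."""
    text = line.strip()
    enabled = not text.startswith("#")
    if not enabled:
        text = text.lstrip("#").strip()
    match = HEADER_RE.match(text)
    if not match or match.group("action") not in ACTIONS:
        return None
    try:
        options = split_options(match.group("body"))
    except ValueError:
        if not enabled:
            return None                          # a comment that merely looks like a rule
        raise                                    # a broken live rule is a real error
    return Rule(enabled, match.group("action"), match.group("header"), options)


def parse_rules(text: str) -> List[Rule]:
    return [rule for rule in (parse_rule(line) for line in text.splitlines()) if rule]


def to_text(rules: List[Rule]) -> str:
    """Serialize rules back to a rules-file body, one rule per line."""
    return "\n".join(str(rule) for rule in rules) + "\n"


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for r in parsed:
        print(r.sid, r.enabled, r.msg)
    parsed[1].enabled = True                     # re-enable the commented-out rule
    print(to_text(parsed), end="")
```

The round trip matters operationally: a tuning script that disables rules by sid, or rewrites them, should re-parse its own output before writing it to the sensor's rules directory, so that a value with an unbalanced quote is caught as a ValueError instead of silently producing a file Suricata rejects at load time.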

Download files


Source Distribution

suricataparser-1.0.0.tar.gz (8.1 kB), tags: Source

Built Distribution

suricataparser-1.0.0-py3-none-any.whl (8.7 kB), tags: Python 3

File details

Details for the file suricataparser-1.0.0.tar.gz.

File metadata

  • Download URL: suricataparser-1.0.0.tar.gz
  • Upload date:
  • Size: 8.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.13 CPython/3.8.14 Linux/5.15.0-50-generic

File hashes

Hashes for suricataparser-1.0.0.tar.gz
Algorithm Hash digest
SHA256 d293c320c446cb4cefb6a5b9ede271d5e4621bfa82e3d76e111074c06297b7fa
MD5 3e7bedeca0eba09c9879da62693b64c5
BLAKE2b-256 f0eece1835f4b70da00ac05794b7c50bc247010609d772c0d49621424a3e9a0d


File details

Details for the file suricataparser-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: suricataparser-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 8.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: poetry/1.1.13 CPython/3.8.14 Linux/5.15.0-50-generic

File hashes

Hashes for suricataparser-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e36d2bdae14d3b7be79d2412a2753a36fc30a2ddd702f357f4e3688a9b011d53
MD5 1fa739255eee2a62bc53d81526e05ce3
BLAKE2b-256 9dd2065d97b6212fafabc05da7c7d563fcb6fe6a796f1dde0274936b7ad774d0

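Both artifacts were uploaded with an API token rather than Trusted Publishing, so the digests listed above are the only thing tying what you install to what is published here. The check a practitioner wants is to pin those digests and let pip refuse anything else. The following is an added example, not part of the suricataparser project: it assumes coreutils sha256sum and a pip that supports --require-hashes, and uses the SHA256 values from this page.

```shell
#!/bin/sh
# Added example, not suricataparser's own code: pin the 1.0.0 artifacts to the SHA256
# digests published on this page and verify a downloaded file against them.
# Assumes coreutils sha256sum and a pip that understands --require-hashes.

SDIST_SHA256=d293c320c446cb4cefb6a5b9ede271d5e4621bfa82e3d76e111074c06297b7fa
WHEEL_SHA256=e36d2bdae14d3b7be79d2412a2753a36fc30a2ddd702f357f4e3688a9b011d53

# Write a requirements file listing every acceptable digest for the pinned version.
# With --require-hashes, pip refuses any artifact (or any other version) whose hash is
# not in this list, and insists that every dependency is hash-pinned as well.
write_pinned_requirements() {
    printf 'suricataparser==1.0.0 --hash=sha256:%s --hash=sha256:%s\n' \
        "$SDIST_SHA256" "$WHEEL_SHA256" > "$1"
}

# Succeed (exit 0) only if the file's SHA256 equals the expected digest; the expected
# value is lower-cased first so a digest copied in upper case still compares correctly.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Typical use (needs network access):
#   pip download --no-deps -d dist suricataparser==1.0.0
#   verify_sha256 dist/suricataparser-1.0.0-py3-none-any.whl "$WHEEL_SHA256" || exit 1
#   write_pinned_requirements requirements.txt
#   pip install --require-hashes -r requirements.txt
```

Re-pinning is a deliberate step: when a new release appears, the hashes in the requirements file have to be updated by hand after checking the new digests on the new release's page, which is exactly the point.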
