Suricata rule parser

Project description

Pure Python parser for Snort/Suricata rules.

Install

Requires Python >= 3.6.

pip install suricataparser

Usage

>>> from suricataparser import parse_rule, parse_file

Parse rules file:

>>> rules = parse_file("suricata.rules")

Parse raw rule:

>>> rule = parse_rule('alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)')
>>> print(rule)
alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)

View rule properties:

>>> rule.sid
1

>>> rule.action
alert

>>> rule.header
tcp any any -> any any

>>> rule.msg
'"Msg"'

Turn on/off rule:

>>> rule.enabled
True

>>> rule.enabled = False
>>> print(rule)
# alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)

Modify options:

>>> rule.add_option("http_uri")
>>> rule.add_option("key", "value")
>>> print(rule)
alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1; http_uri; key:value;)

>>> rule.pop_option("key")
>>> print(rule)
alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1; http_uri;)
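To show what a parser for this format has to get right, here is an added, self-contained stand-in for parse_rule and Rule (example code written for this page, not suricataparser's own; it mirrors only the API used above and assumes single-line rules). It handles the two cases that break a naive split on ";": a rule disabled with a leading "# ", and a semicolon inside a quoted msg value.

```python
import re
from dataclasses import dataclass, field

# Illustrative stand-in for the library's Rule/parse_rule (example code, not
# suricataparser's own). A leading "# " marks a disabled rule, and the option
# body may only be split on ';' outside double quotes: msg:"GET /; DROP"; is valid.
@dataclass
class Rule:
    action: str
    header: str
    options: list = field(default_factory=list)  # [(name, value or None)]
    enabled: bool = True

    def get(self, name):
        return next((v for k, v in self.options if k == name), None)

    @property
    def sid(self):
        return None if self.get("sid") is None else int(self.get("sid"))

    @property
    def msg(self):
        return self.get("msg")  # quotes are kept, as on the page: '"Msg"'

    def add_option(self, name, value=None):
        self.options.append((name, value))

    def pop_option(self, name):
        self.options = [(k, v) for k, v in self.options if k != name]

    def __str__(self):
        body = " ".join(f"{k};" if v is None else f"{k}:{v};" for k, v in self.options)
        text = f"{self.action} {self.header} ({body})"
        return text if self.enabled else "# " + text

def split_options(body):
    """Split 'sid:1; msg:"a;b";' into (name, value) pairs, honouring quotes."""
    opts, cur, quoted = [], "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            name, _, value = cur.strip().partition(":")
            opts.append((name, value.strip() or None))
            cur = ""
        else:
            cur += ch
    return opts  # text after the last ';' is ignored (Suricata requires it)

def parse_rule(line):
    line = line.strip()
    m = re.match(r"^#?\s*(\w+)\s+(.+?)\s*\((.*)\)\s*$", line)
    if not m:
        raise ValueError(f"not a rule: {line!r}")
    action, header, body = m.groups()
    return Rule(action, header, split_options(body), not line.startswith("#"))
```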

Download files

Source Distribution: suricataparser-0.0.3.tar.gz (7.3 kB)

Built Distribution: suricataparser-0.0.3-py3-none-any.whl (8.1 kB, Python 3)
