Package for parsing and generating Snort/Suricata rules.
Project description
Pure Python package for parsing and generating Snort/Suricata rules.
Install
Requires Python >= 3.6.
pip install suricataparser
Usage
>>> from suricataparser import parse_rule, parse_file, parse_rules
Parse rules file:
>>> rules = parse_file("suricata.rules")
Parse rules object (for embedding into scripts):
>>> rules = parse_rules(rules_object)
Parse raw rule:
>>> rule = parse_rule('alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)')
>>> print(rule)
alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)
View rule properties:
>>> rule.sid
1
>>> rule.action
alert
>>> rule.header
tcp any any -> any any
>>> rule.msg
'"Msg"'
Turn on/off rule:
>>> rule.enabled
True
>>> rule.enabled = False
>>> print(rule)
# alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)
Modify options:
>>> rule.add_option("http_uri")
>>> rule.add_option("key", "value")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri; key: value;)
>>> rule.pop_option("key")
>>> print(rule)
alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri;)
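To show what the enabled flag, header and options correspond to in the rule text itself, here is an added standard-library example (not suricataparser's code or API) that parses rule lines and comments out rules by sid. The function names and the sample ruleset are constructed for illustration, and the action list in the regex is an assumption covering common Snort/Suricata actions.

```python
import re

# Optional leading "#" marks a disabled rule; then action, header, "(options)".
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?P<action>alert|log|pass|drop|sdrop|reject\w*)\s+'
                     r'(?P<header>[^(]+?)\s*\((?P<opts>.*)\)\s*$')

def split_options(body):
    """Split on ';' unless it is backslash-escaped or inside a double-quoted value."""
    opts, buf, quoted, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            opts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
    if "".join(buf).strip():
        raise ValueError("unterminated option: " + "".join(buf))
    pairs = (opt.partition(":") for opt in opts)
    return [(name.strip(), value.strip() if sep else None) for name, sep, value in pairs]

def parse_line(line):
    """Return a dict for a rule line, or None for blanks and plain comments."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    return {"enabled": m.group("off") is None, "action": m.group("action"),
            "header": m.group("header"), "options": split_options(m.group("opts"))}

def render(rule):
    """Rebuild the rule text; a disabled rule is prefixed with '# '."""
    opts = " ".join(n + ";" if v is None else f"{n}:{v};" for n, v in rule["options"])
    return f'{"" if rule["enabled"] else "# "}{rule["action"]} {rule["header"]} ({opts})'

def disable_sids(text, sids):
    """Comment out rules whose sid (a string) is in `sids`; other lines pass through."""
    out = []
    for line in text.splitlines():
        rule = parse_line(line)
        if rule and dict(rule["options"]).get("sid") in sids:
            rule["enabled"] = False
            line = render(rule)
        out.append(line)
    return "\n".join(out)

# Constructed sample ruleset (not from the project).
SAMPLE = r'''# local rules
alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)
alert http any any -> any any (msg:"a\;b"; content:"x;y"; http_uri; sid:2;)
# drop udp any any -> any 53 (msg:"off"; sid:3;)
'''
```

The second sample rule is the case a naive `split(";")` gets wrong: the semicolons inside `msg` and `content` stay part of their values.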
Download files
Source Distribution
suricataparser-0.0.8.tar.gz
(7.9 kB)
Built Distribution
Hashes for suricataparser-0.0.8-py3-none-any.whl
Algorithm | Hash digest |
---|---|
SHA256 | b815bdf1f615e4c015625e87f9c79d75fddb32cbc9d84776e370cbd3f4d552c6 |
MD5 | 8c62a551e50c149cee8b9f18ca38b234 |
BLAKE2b-256 | 78aa607c9a7efc03c43df81cc09f44181b6d38474ee0fe5d59be81e7d213648e |