Parse Suricata rules
parsuricata
Installation
pip install parsuricata
Usage
from parsuricata import parse_rules
source = '''
alert http $HOME_NET any -> !$HOME_NET any (msg: "hi mum!"; content: "heymum"; http_uri; sid: 1;)
'''
rules = parse_rules(source)
print(rules)
#
# alert http $HOME_NET any -> !$HOME_NET any ( \
# msg: hi mum!; \
# content: heymum; \
# http_uri; \
# sid: 1; \
# )
rule = rules[0]
print(rule.action)
# alert
print(rule.protocol)
# http
print(rule.src)
# $HOME_NET
print(rule.src_port)
# any
print(rule.direction)
# ->
print(rule.dst)
# !$HOME_NET
print(rule.dst_port)
# any
for option in rule.options:
    print(f'{option.keyword} = {option.settings}')
#
# msg = hi mum!
# content = heymum
# http_uri = None
# sid = 1
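Added example, not part of the parsuricata README or project code: a small ruleset lint that flags reused or missing sid values and missing msg options before a ruleset is deployed. It relies only on rule.options, option.keyword and option.settings as shown above; SAMPLE, option_values and audit are names made up here, and the sample ruleset is constructed.

```python
from collections import defaultdict

# Constructed sample ruleset (not from the README): sid 1 is reused and
# the last rule has no msg option.
SAMPLE = '''
alert http $HOME_NET any -> !$HOME_NET any (msg: "first"; content: "a"; http_uri; sid: 1;)
alert http $HOME_NET any -> !$HOME_NET any (msg: "second"; content: "b"; http_uri; sid: 1;)
alert http $HOME_NET any -> !$HOME_NET any (content: "c"; http_uri; sid: 3;)
'''


def option_values(rule, keyword):
    """Return str() of every setting the rule carries for `keyword`."""
    return [str(o.settings) for o in rule.options if o.keyword == keyword]


def audit(rules):
    """Lint parsed rules; returns a sorted list of (rule_index, problem).

    Uses only rule.options, option.keyword and option.settings.
    """
    findings = []
    seen = defaultdict(list)  # sid -> indexes of the rules that use it
    for i, rule in enumerate(rules):
        sids = option_values(rule, 'sid')
        if len(sids) != 1:
            findings.append((i, f'expected exactly one sid, found {len(sids)}'))
        for sid in sids:
            seen[sid].append(i)
        if not option_values(rule, 'msg'):
            findings.append((i, 'no msg option'))
    # Report every reuse of a sid against the first rule that claimed it.
    for sid, where in seen.items():
        for i in where[1:]:
            findings.append((i, f'sid {sid} already used by rule {where[0]}'))
    return sorted(findings)


if __name__ == '__main__':
    from parsuricata import parse_rules  # third-party: pip install parsuricata
    for index, problem in audit(parse_rules(SAMPLE)):
        print(f'rule {index}: {problem}')
```

Rule indexes are zero-based positions in the parsed list, so they map directly onto rules[i].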
Source Distribution
parsuricata-0.3.2.tar.gz (8.0 kB)
Built Distribution
Hashes for parsuricata-0.3.2-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | 2eb175c5e387f33a0ae6f7cc3120fe41a0f19dc95ebc7c47705187c233f8437a
MD5 | 41b1c3e9a6340fc230e5d5b5291a05af
BLAKE2b-256 | 6e5d5ec91e26931eb6636f7034140e923dfb9bcc6a50c4e268a85ebf3e43e896