Script and library for viewing and filtering Suricata and Snort rulesets based on interpreted key-value pairs in the metadata keyword of each rule.
Detailed description of the aristotle Python project
Aristotle is a simple Python program that allows filtering of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule. It can be run as a standalone script or used as a library.
Application Overview
Aristotle takes in a ruleset and can provide information on the included metadata keys. If a filter string is provided, it is also applied against the ruleset and the filtered ruleset is output.
Aristotle is compatible with Python 2.7 and Python 3.x.
In order for Aristotle to be useful, it must be provided a ruleset that has rules with the metadata keyword populated with appropriate key-value pairs. Aristotle assumes that the provided ruleset conforms to the BETTER Schema.
Usage
usage: aristotle.py [-h] -r RULES [-f METADATA_FILTER] [--summary] [-o OUTFILE]
                    [-s [STATS [STATS ...]]] [-i] [-q] [-d]

optional arguments:
  -h, --help            show this help message and exit
  -r RULES, --rules RULES, --ruleset RULES
                        path to rules file or string containing the ruleset
                        (default: None)
  -f METADATA_FILTER, --filter METADATA_FILTER
                        Boolean filter string or path to a file containing it
                        (default: None)
  --summary             output a summary of the filtered ruleset to stdout; if
                        an output file is given, the full, filtered ruleset
                        will still be written to it. (default: False)
  -o OUTFILE, --output OUTFILE
                        output file to write filtered ruleset to
                        (default: <stdout>)
  -s [STATS [STATS ...]], --stats [STATS [STATS ...]]
                        display ruleset statistics about specified key(s). If
                        no key(s) supplied, then summary statistics for all
                        keys will be displayed. (default: None)
  -i, --include-disabled
                        include (effectively enable) disabled rules when
                        applying the filter (default: False)
  -q, --quiet, --suppress_warnings
                        quiet; suppress warning logging (default: False)
  -d, --debug           turn on debug logging (default: False)
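As an added illustration of the metadata-based filtering described in the overview and the -f, -i and -s options listed above (example code, not Aristotle's own implementation or API), the following Python script parses the metadata keyword of a small constructed ruleset into key-value pairs, compiles a Boolean filter string of quoted "key value" terms joined by AND, OR, NOT and parentheses into a predicate, applies it with and without disabled rules, and counts which metadata keys the rules carry. The sample rules, sids and metadata values are constructed; the filter grammar is a deliberate simplification (exact matches only, no date comparisons); and the function names are this example's, not the project's.

```python
import re
from collections import Counter
from typing import Callable, Dict, List

# Constructed sample ruleset (not Aristotle's). The metadata keyword holds comma-separated
# "key value" pairs in the BETTER style; the second rule is commented out, i.e. disabled.
SAMPLE_RULESET = """\
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE beacon"; flow:established,to_server; content:"/beacon"; http_uri; metadata:attack_target Client_Endpoint, created_at 2019_08_01, malware post_infection, priority high, protocols http; sid:9000001; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"EXAMPLE ssh scan"; flow:to_server; metadata:attack_target Server, created_at 2018_02_10, priority low, protocols ssh; sid:9000002; rev:1;)
alert dns $HOME_NET any -> any 53 (msg:"EXAMPLE bad domain"; dns_query; content:"example-bad"; metadata:attack_target Client_Endpoint, created_at 2020_05_05, priority medium, protocols dns; sid:9000003; rev:1;)
"""

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
METADATA_RE = re.compile(r"\bmetadata\s*:\s*([^;]*);")
TOKEN_RE = re.compile(r'"([^"]*)"|(\()|(\))|\b(AND|OR|NOT)\b')


def parse_metadata(rule: str) -> Dict[str, List[str]]:
    """Return {key: [value, ...]} from the rule's metadata keyword; keys may repeat."""
    meta: Dict[str, List[str]] = {}
    m = METADATA_RE.search(rule)
    if m:
        for pair in m.group(1).split(","):
            parts = pair.strip().split(None, 1)
            if len(parts) == 2:  # skip a malformed pair instead of dropping the rule
                meta.setdefault(parts[0].lower(), []).append(parts[1].strip().lower())
    return meta


def load_ruleset(text: str) -> List[dict]:
    """Parse one rule per line; a leading '#' marks the rule as disabled."""
    rules = []
    for line in text.splitlines():
        body = line.lstrip("# ").strip()
        sid = SID_RE.search(body)
        if sid:  # lines without a sid are blank lines or plain comments
            rules.append({"sid": int(sid.group(1)), "disabled": line.lstrip().startswith("#"),
                          "meta": parse_metadata(body), "rule": body})
    return rules


def compile_filter(filter_str: str) -> Callable[[Dict[str, List[str]]], bool]:
    """Compile a Boolean filter of quoted "key value" terms joined by AND/OR/NOT and
    parentheses into a predicate over a rule's metadata. Terms match exactly."""
    tokens = []
    for m in TOKEN_RE.finditer(filter_str):
        if m.group(1) is not None:
            key, _, value = m.group(1).strip().partition(" ")
            tokens.append(("TERM", (key.lower(), value.strip().lower())))
        else:
            tokens.append(("OP", m.group(2) or m.group(3) or m.group(4)))
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1] if pos <= len(tokens) else (None, None)

    def factor():  # factor := NOT factor | '(' expr ')' | TERM
        kind, val = take()
        if kind == "OP" and val == "NOT":
            inner = factor()
            return lambda meta: not inner(meta)
        if kind == "OP" and val == "(":
            inner = expr()
            if take() != ("OP", ")"):
                raise ValueError("unbalanced parentheses in filter")
            return inner
        if kind == "TERM":
            return lambda meta, k=val[0], v=val[1]: v in meta.get(k, [])
        raise ValueError(f"unexpected token {val!r} in filter")

    def term():  # term := factor (AND factor)*
        left = factor()
        while tokens[pos:pos + 1] == [("OP", "AND")]:
            take()
            left = (lambda a, b: lambda meta: a(meta) and b(meta))(left, factor())
        return left

    def expr():  # expr := term (OR term)*
        left = term()
        while tokens[pos:pos + 1] == [("OP", "OR")]:
            take()
            left = (lambda a, b: lambda meta: a(meta) or b(meta))(left, term())
        return left

    predicate = expr()
    if pos != len(tokens):
        raise ValueError("trailing tokens in filter")
    return predicate


def filter_ruleset(text: str, filter_str: str, include_disabled: bool = False) -> List[int]:
    """Return the sids of rules whose metadata satisfies the filter (like -f, with -i)."""
    pred = compile_filter(filter_str)
    return [r["sid"] for r in load_ruleset(text)
            if (include_disabled or not r["disabled"]) and pred(r["meta"])]


def key_stats(text: str) -> Dict[str, int]:
    """Count the rules carrying each metadata key (like the -s summary statistics)."""
    return dict(Counter(key for r in load_ruleset(text) for key in r["meta"]))
```

With the sample above, `filter_ruleset(SAMPLE_RULESET, '"attack_target Client_Endpoint" AND NOT "priority medium"')` returns `[9000001]`; the disabled ssh rule only appears when `include_disabled=True`, which is the behaviour the -i option describes. Lowercasing both keys and values keeps matching case-insensitive, and malformed pairs are skipped rather than failing the whole rule, which is the failure mode to expect with rulesets that only partially follow the schema.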
License
Aristotle is licensed under the Apache License, Version 2.0.