Parse Suricata rules
Detailed description of the parsuricata Python project
parsuricata
Parse Suricata rules
Installation
pip install parsuricata
Usage
from parsuricata import parse_rules

source = '''
  alert http $HOME_NET any -> !$HOME_NET any (msg: "hi mum!"; content: "heymum"; http_uri; sid: 1;)
'''

rules = parse_rules(source)
print(rules)
#
# alert http $HOME_NET any -> !$HOME_NET any ( \
#   msg: hi mum!; \
#   content: heymum; \
#   http_uri; \
#   sid: 1; \
# )

rule = rules[0]

print(rule.action)
# alert

print(rule.protocol)
# http

print(rule.src)
# $HOME_NET

print(rule.src_port)
# any

print(rule.direction)
# ->

print(rule.dst)
# !$HOME_NET

print(rule.dst_port)
# any

for option in rule.options:
    print(f'{option.keyword} = {option.settings}')
#
# msg = hi mum!
# content = heymum
# http_uri = None
# sid = 1
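A common reason to parse a ruleset is to audit it before deployment. The following is an added example, not part of the parsuricata project: it flags rules with no msg, rules without exactly one sid, and sids reused across rules. The names audit_rules, audit_source, Option, Rule and SAMPLE are hypothetical, and SAMPLE is a constructed stand-in that only mimics the rule.options, option.keyword and option.settings attributes shown in the usage above.

```python
from collections import namedtuple


def audit_rules(rules):
    """Return (rule_index, problem) findings for a list of parsed rules."""
    findings = []
    seen = {}  # sid (as text) -> index of the first rule that used it
    for index, rule in enumerate(rules):
        # A keyword such as content may repeat, so collect values in lists.
        opts = {}
        for option in rule.options:
            opts.setdefault(option.keyword, []).append(option.settings)
        if not opts.get('msg'):
            findings.append((index, 'missing msg'))
        sids = opts.get('sid', [])
        if len(sids) != 1:
            findings.append((index, 'expected exactly one sid'))
            continue
        sid = str(sids[0])  # compare as text whatever type the parser returns
        if sid in seen:
            findings.append((index, f'sid {sid} already used by rule {seen[sid]}'))
        else:
            seen[sid] = index
    return findings


def audit_source(source):
    """Parse rule text with parsuricata (must be installed), then audit it."""
    from parsuricata import parse_rules  # the call shown in the usage above
    return audit_rules(parse_rules(source))


# Constructed stand-ins for parsed rules, so the audit logic runs offline.
Option = namedtuple('Option', 'keyword settings')
Rule = namedtuple('Rule', 'options')
SAMPLE = [
    Rule([Option('msg', 'hi mum!'), Option('content', 'heymum'),
          Option('http_uri', None), Option('sid', 1)]),
    Rule([Option('content', 'heydad'), Option('sid', 1)]),  # no msg, reused sid
    Rule([Option('msg', 'no sid here')]),                   # no sid at all
]

if __name__ == '__main__':
    for index, problem in audit_rules(SAMPLE):
        print(f'rule {index}: {problem}')
```

With parsuricata installed, pass the text of a rules file to audit_source to run the same checks on real rules.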