Metadata-Version: 2.1
Name: suricataparser
Version: 0.0.7
Summary: Suricata rule parser
Home-page: https://github.com/m-chrome/py-suricataparser
Author: Michail Tsyganov
License: Apache-2.0 License
Platform: UNKNOWN
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3 :: Only
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Requires-Python: >=3.6

suricataparser |build-status| |py-versions| |pypi-version| |license|
======================================================================
Pure python package for parsing and generating Snort/Suricata rules.

Install
---------
Requires Python >= 3.6.

    pip install suricataparser

Usage
---------
::

    >>> from suricataparser import parse_rule, parse_file

Parse rules file:
::

    >>> rules = parse_file("suricata.rules")

Parse raw rule:
::

    >>> rule = parse_rule('alert tcp any any -> any any (sid:1; gid:1;)')
    >>> print(rule)
    alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)

View rule properties:
::

    >>> rule.sid
    1

    >>> rule.action
    alert

    >>> rule.header
    tcp any any -> any any

    >>> rule.msg
    '"Msg"'

Turn on/off rule:
::

    >>> rule.enabled
    True

    >>> rule.enabled = False
    >>> print(rule)
    # alert tcp any any -> any any (msg:"Msg"; sid:1; gid:1;)

Modify options:
::

    >>> rule.add_option("http_uri")
    >>> rule.add_option("key", "value")
    >>> print(rule)
    alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri; key: value;)

    >>> rule.pop_option("key")
    >>> print(rule)
    alert tcp any any -> any any (msg: "Msg"; sid: 1; gid: 1; http_uri;)

.. |build-status| image:: https://travis-ci.org/m-chrome/py-suricataparser.png?branch=master
   :target: https://travis-ci.org/m-chrome/py-suricataparser
.. |pypi-version| image:: https://badge.fury.io/py/suricataparser.svg
   :target: https://pypi.org/project/suricataparser
.. |license| image:: https://img.shields.io/pypi/l/suricataparser.svg
   :target: https://github.com/m-chrome/py-suricataparser/blob/master/LICENSE
.. |py-versions| image:: https://img.shields.io/pypi/pyversions/suricataparser.svg
   :target: https://pypi.org/project/suricataparser


