A Perl extension for dynamically building snort rules.
Snort::Rule is a Perl extension for dynamically building snort rules.
    use Snort::Rule;

    # Build a rule field by field
    $rule = Snort::Rule->new(
        -action => 'alert',
        -proto  => 'tcp',
        -src    => 'any',
        -sport  => 'any',
        -dir    => '->',
        -dst    => '192.188.1.1',
        -dport  => '44444',
    );

    # Add rule options
    $rule->opts('msg','Test Rule');
    $rule->opts('threshold','type limit,track by_src,count 1,seconds 3600');
    $rule->opts('sid','500000');

    print $rule->string()."\n";

OR

    # Parse an existing rule string into a rule object
    $rule = 'alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN"; flow:to_server,established; content:"Subject|3A|"; pcre:"/(TOP\sSECRET|TS)//[\s\w,/-]*PROPIN[\s\w,/-]*(?=//(25)?X[1-9])/ism"; classtype:policy-violation; sid:2002448; rev:1;)';

    $rule = Snort::Rule->new(-parse => $rule);
    print $rule->string()."\n";
This is a very simple snort rule object, developed to allow scripted, dynamic rule creation. Ideally, you could take a list of bad hosts, build an array of snort rule objects from that list, and then write each rule to a snort rules file using the string() method.
Snort::Rule 1.07
- runs on: Linux
- filename: Snort-Rule-1.07.tar.gz
- main category: Programming