Snort::Rule

1.07 Perl Artistic License    

A Perl extension for dynamically building snort rules

Snort::Rule is a Perl extension for dynamically building snort rules.

SYNOPSIS

use Snort::Rule;

# Build a rule from its individual header fields
my $rule = Snort::Rule->new(
    -action => 'alert',
    -proto  => 'tcp',
    -src    => 'any',
    -sport  => 'any',
    -dir    => '->',
    -dst    => '192.188.1.1',
    -dport  => '44444',
);

# Add rule options one at a time
$rule->opts('msg','Test Rule');
$rule->opts('threshold','type limit,track by_src,count 1,seconds 3600');
$rule->opts('sid','500000');

# Render the complete rule as a single line of text
print $rule->string()."\n";

OR

# Parse an existing rule string into a rule object
$rule = 'alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN"; flow:to_server,established; content:"Subject|3A|"; pcre:"/(TOP\sSECRET|TS)//[\s\w,/-]*PROPIN[\s\w,/-]*(?=//(25)?X[1-9])/ism"; classtype:policy-violation; sid:2002448; rev:1;)';

$rule = Snort::Rule->new(-parse => $rule);
print $rule->string()."\n";


This is a very simple Snort rule object. It was developed to allow scripted, dynamic rule creation. Ideally, you could take a list of bad hosts, build an array of Snort rule objects from that list, and then write each rule to a Snort rules file using the string() method.
Last updated on September 2nd, 2006
