Snort::Rule 1.07

Snort::Rule is a Perl extension for dynamically building snort rules.

SYNOPSIS

use Snort::Rule;

# Build a rule from its header fields
$rule = Snort::Rule->new(
    -action => 'alert',
    -proto  => 'tcp',
    -src    => 'any',
    -sport  => 'any',
    -dir    => '->',
    -dst    => '192.188.1.1',
    -dport  => '44444',
);

# Add rule options one key/value pair at a time
$rule->opts('msg','Test Rule');
$rule->opts('threshold','type limit,track by_src,count 1,seconds 3600');
$rule->opts('sid','500000');

# Render the complete rule as a single line
print $rule->string()."\n";

OR

# Parse an existing rule string into a rule object
$rule = 'alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN"; flow:to_server,established; content:"Subject|3A|"; pcre:"/(TOP\sSECRET|TS)\/\/[\s\w\,\/\-]*PROPIN[\s\w\,\/\-]*(?=\/\/(25)?X[1-9])/ism"; classtype:policy-violation; sid:2002448; rev:1;)';

$rule = Snort::Rule->new(-parse => $rule);
print $rule->string()."\n";


This is a very simple snort rule object. It was developed to allow for scripted, dynamic rule creation. Ideally, you could take a list of bad hosts, build an array of snort rule objects from that list, and then write each rule to a snort rules file using the string() method.
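The bad-host workflow described above, as an added example (not code from the module or its author) that uses only the new(), opts() and string() calls shown in the synopsis. The feed entries, the starting SID and the output filename are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Snort::Rule;

# Constructed sample feed (documentation addresses, not real indicators).
# It includes a duplicate and two malformed entries on purpose.
my @feed = ('192.0.2.10', '198.51.100.7', '192.0.2.10',
            '203.0.113.5; sid:1', 'example.test');

my $base_sid = 1000001;            # assumed start of the local SID range
my $outfile  = 'badhosts.rules';   # assumed output path

# Accept only dotted-quad IPv4 so a feed entry cannot smuggle rule syntax
# (semicolons, parentheses, extra options) into the generated file.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    return (grep { $_ > 255 } $1, $2, $3, $4) ? 0 : 1;
}

my (%seen, @rules);
for my $host (@feed) {
    unless (valid_ipv4($host)) {
        warn "skipping invalid entry: $host\n";
        next;
    }
    next if $seen{$host}++;        # one rule per host
    my $rule = Snort::Rule->new(
        -action => 'alert',
        -proto  => 'tcp',
        -src    => 'any',
        -sport  => 'any',
        -dir    => '->',
        -dst    => $host,
        -dport  => 'any',
    );
    $rule->opts('msg', "Blocklist host $host");
    $rule->opts('threshold', 'type limit,track by_src,count 1,seconds 3600');
    $rule->opts('sid', $base_sid + @rules);   # unique, sequential SID per rule
    $rule->opts('rev', 1);
    push @rules, $rule;
}

# Write one rule per line using string()
open my $fh, '>', $outfile or die "cannot write $outfile: $!";
print {$fh} $_->string(), "\n" for @rules;
close $fh or die "close failed: $!";
printf "wrote %d rules to %s\n", scalar @rules, $outfile;
```

Validating each feed entry before it reaches -dst matters because the rules file is loaded by the sensor as-is; an unvalidated string from an external blocklist would otherwise be written straight into rule syntax.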

last updated on: September 2nd, 2006, 9:05 GMT
price: FREE!
developed by: Wes Young
license type: Perl Artistic License