Snort::Rule
Snort::Rule is a Perl extension for dynamically building snort rules.
Snort::Rule Ranking & Summary
- License: Perl Artistic License
- Price: FREE
- Publisher Name: Wes Young
- Publisher web site: http://search.cpan.org/~saxjazman/Snort-Rule-1.03/lib/Snort/Rule.pm
Snort::Rule Description
Snort::Rule is a Perl extension for dynamically building snort rules.

SYNOPSIS

    use Snort::Rule;

    # Build a rule from its header fields
    $rule = Snort::Rule->new(
        -action => 'alert',
        -proto  => 'tcp',
        -src    => 'any',
        -sport  => 'any',
        -dir    => '->',
        -dst    => '192.188.1.1',
        -dport  => '44444',
    );

    # Add rule options, then print the assembled rule
    $rule->opts('msg','Test Rule"');
    $rule->opts('threshold','type limit,track by_src,count 1,seconds 3600');
    $rule->opts('sid','500000');

    print $rule->string()."\n";

OR

    # Parse an existing rule string into an object
    $rule = 'alert tcp $SMTP_SERVERS any -> $EXTERNAL_NET 25 (msg:"BLEEDING-EDGE POLICY SMTP US Top Secret PROPIN"; flow:to_server,established; content:"Subject|3A|"; pcre:"/(TOP\sSECRET|TS)\/\/*PROPIN*(?=\/\/(25)?X)/ism"; classtype:policy-violation; sid:2002448; rev:1;)';

    $rule = Snort::Rule->new(-parse => $rule);
    print $rule->string()."\n";

This is a very simple snort rule object. It was developed to allow scripted, dynamic rule creation. Ideally, you could take a list of bad hosts, build an array of snort rule objects from that list, and then write each rule to a snort rules file using the string() method.

Requirements:
· Perl
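The bad-host workflow described above, as an added example that is not part of the module's documentation. It uses only the new(), opts() and string() calls shown in the synopsis; the host list, the output file name badhosts.rules, the starting SID and the is_ipv4() helper are assumptions made for illustration. Feed entries are validated before they reach the rule, so a malformed line cannot inject rule syntax into the rules file.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Snort::Rule;

# Constructed sample feed; the last two entries are malformed on purpose.
my @bad_hosts = ('192.0.2.10', '198.51.100.7', '203.0.113.99; sid:1', '300.1.1.1');

my $sid      = 1_000_000;         # assumption: first unused SID in the local-rule range
my $out_file = 'badhosts.rules';  # hypothetical output path

# Hypothetical helper: accept only a strict dotted-quad IPv4 address.
sub is_ipv4 {
    my ($host) = @_;
    return 0 unless $host =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    for my $octet ($1, $2, $3, $4) {
        return 0 if $octet > 255;
    }
    return 1;
}

my @rules;
for my $host (@bad_hosts) {
    # Never copy an unvalidated feed value into a rule header.
    unless (is_ipv4($host)) {
        warn "skipping invalid feed entry: $host\n";
        next;
    }
    my $rule = Snort::Rule->new(
        -action => 'alert',
        -proto  => 'ip',
        -src    => '$HOME_NET',
        -sport  => 'any',
        -dir    => '->',
        -dst    => $host,
        -dport  => 'any',
    );
    $rule->opts('msg', "Traffic to listed bad host $host");
    $rule->opts('threshold', 'type limit,track by_src,count 1,seconds 3600');
    $rule->opts('sid', $sid++);   # one unique SID per generated rule
    push @rules, $rule;
}

# Write the array of rule objects out with string(), one rule per line.
open(my $fh, '>', $out_file) or die "cannot write $out_file: $!";
print {$fh} $_->string(), "\n" for @rules;
close($fh) or die "close failed on $out_file: $!";
printf "wrote %d rules to %s\n", scalar @rules, $out_file;
```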