snortparser
Snort rule parser/validator written in Python.
Hey, these are the snort3-community-rules rules from https://www.snort.org/downloads/#rule-downloads
Exception: Snort rule header is malformed ['alert', 'http']
alert http ( msg:"MALWARE-CNC HttpBrowser User-Agent outbound communication attmept"; flow:to_server,established; http_header:field user-agent; content:"HttpBrowser/1.0",fast_pattern,nocase; metadata:impact_flag...
Hi,
The code doesn't validate the following rule:
alert tcp any xany -> any any (msg:"xyz"; sid:20000001; content:"xyz");
Snort's error for the above rule: Unable to process the IP address:...
When parsing rules I would like $HOME_NET generically defined without an IP address associated with it. I am testing SNORT rule files which have only the variables defined. How can...