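def _make_rule(self, **kwargs):
    """Build a SnortRule from keyword fields and register it on this object.

    Recognised keys, all optional: ``protocol``, ``dst_port``, ``content``,
    ``uricontent`` and ``ref``. A key that is absent or ``None`` leaves the
    matching attribute of the new rule untouched. The rule is appended to
    ``self.rules``; when a reference is present it is also handed to
    ``self._log_rules`` together with the last comma-separated field of the
    first reference.

    The message is fixed to ``"Trojan.Gen"`` and no sid is assigned here.

    Values are stored on the rule exactly as received; this method does no
    escaping or validation of them.
    NOTE(review): if content/uricontent are derived from analysed samples,
    confirm that SnortRule or the caller escapes rule-syntax characters
    before the rule is rendered.
    """
    rule = SnortRule()
    rule.msg = '"Trojan.Gen"'

    # Copy the plain optional fields; None means "not supplied".
    for field in ('protocol', 'dst_port', 'content'):
        value = kwargs.get(field)
        if value is not None:
            setattr(rule, field, value)

    uricontent = kwargs.get('uricontent')
    # A bare '/' is skipped; presumably it is too generic to be a useful
    # URI match.
    if uricontent is not None and uricontent != '/':
        rule.uricontent = uricontent

    # ref is indexed and its first element split on ',', so it is expected
    # to be a sequence of strings.
    ref = kwargs.get('ref')
    if ref is not None:
        rule.ref = ref

    self.rules.append(rule)

    # Guard the lookup: without it a missing or empty 'ref' raises
    # TypeError/IndexError after the rule has already been appended,
    # leaving self.rules changed by a call that failed.
    # NOTE(review): logging is skipped when there is no reference; confirm
    # whether _log_rules should instead receive a placeholder tag.
    if ref:
        self._log_rules(rule, ref[0].split(',')[-1])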
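def _make_rule(self, **kwargs):
    """Build a SnortRule from keyword fields and register it on this object.

    Recognised keys, all optional: ``protocol``, ``dst_port``, ``content``,
    ``uricontent`` and ``ref``. A key that is absent or ``None`` leaves the
    matching attribute of the new rule untouched. The rule is appended to
    ``self.rules``; when a reference is present it is also handed to
    ``self._log_rules`` together with the last comma-separated field of the
    first reference.

    The message is fixed to ``"Trojan.Gen"`` and no sid is assigned here.

    Values are stored on the rule exactly as received; this method does no
    escaping or validation of them.
    NOTE(review): if content/uricontent are derived from analysed samples,
    confirm that SnortRule or the caller escapes rule-syntax characters
    before the rule is rendered.
    """
    rule = SnortRule()
    rule.msg = '"Trojan.Gen"'

    # Copy the plain optional fields; None means "not supplied".
    for field in ('protocol', 'dst_port', 'content'):
        value = kwargs.get(field)
        if value is not None:
            setattr(rule, field, value)

    uricontent = kwargs.get('uricontent')
    # A bare '/' is skipped; presumably it is too generic to be a useful
    # URI match.
    if uricontent is not None and uricontent != '/':
        rule.uricontent = uricontent

    # ref is indexed and its first element split on ',', so it is expected
    # to be a sequence of strings.
    ref = kwargs.get('ref')
    if ref is not None:
        rule.ref = ref

    self.rules.append(rule)

    # Guard the lookup: without it a missing or empty 'ref' raises
    # TypeError/IndexError after the rule has already been appended,
    # leaving self.rules changed by a call that failed.
    # NOTE(review): logging is skipped when there is no reference; confirm
    # whether _log_rules should instead receive a placeholder tag.
    if ref:
        self._log_rules(rule, ref[0].split(',')[-1])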