Esempio n. 1
0
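# Characters accepted in a beacon domain / IPv4 literal before it is spliced
# into a rule.  The value comes from an extracted malware config and is
# therefore untrusted: a quote, ';' or '|' inside it would change the rule's
# option syntax or break the rule file, so such values yield no rule at all.
# IPv6 literals (':') are intentionally outside this set.
_SAFE_DOMAIN = re.compile(r"[A-Za-z0-9._-]+\Z")
# Dotted-quad literal.  Anchored with \Z so "evil.1.2.3.4.com" is treated as
# a hostname rather than as an address (the original unanchored search would
# have emitted an unusable "-> evil.1.2.3.4.com any" rule).
_IPV4 = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z")


def _dns_wire_content(domain):
    """Return the Snort content match for *domain* as it appears in a DNS query.

    DNS puts a name on the wire as length-prefixed labels terminated by a zero
    byte, e.g. ``|04|evil|03|com|00|``; the dots are never transmitted, so a
    content match that contains them cannot fire.

    Returns None when the name has an empty label or one longer than 63
    bytes, i.e. when it is not a well-formed DNS name.
    """
    labels = domain.split(".")
    if any(not label or len(label) > 63 for label in labels):
        return None
    return "".join("|%02x|%s" % (len(label), label) for label in labels) + "|00|"


def snortRule(md5, config_dict):
    """Build Snort rules for the beacon domain of a ShadowTech config and store them.

    Args:
        md5: sample hash, passed unchanged as the key to database.insertSnort.
        config_dict: extracted config mapping; only the "Domain" key is read.

    Side effects:
        Always calls database.insertSnort(md5, rules).  ``rules`` is empty
        when the domain is missing, shorter than two characters, contains
        characters that are not valid in a hostname or IPv4 literal, or is
        not a well-formed DNS name; nothing is raised for a bad domain.

    Note: every emitted rule carries sid:5000000 (kept from the original
    rule text).  Snort rejects a rule set with duplicate sids, so the
    consumer must renumber rules before loading them.
    """
    rules = []
    domain = config_dict.get("Domain") or ""
    # len > 1 keeps the original threshold; single characters are not useful.
    if len(domain) > 1 and _SAFE_DOMAIN.match(domain):
        msg = '(msg: "ShadowTech Beacon Domain: ' + domain + '"; '
        tail = (
            "classtype:trojan-activity; sid:5000000; rev:1; priority:1; "
            "reference:url,http://malwareconfig.com;)"
        )
        if _IPV4.match(domain):
            # Literal address: match traffic to that destination directly.
            rules.append("alert tcp any any -> " + domain + " any " + msg + tail)
        else:
            content = _dns_wire_content(domain)
            if content is not None:
                # Match the DNS query for the name over both transports.
                for proto in ("udp", "tcp"):
                    rules.append(
                        "alert " + proto + " any any -> any 53 " + msg
                        + 'content:"' + content + '"; nocase;  ' + tail
                    )
    database.insertSnort(md5, rules)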
Esempio n. 2
0
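# Characters accepted in a beacon domain / IPv4 literal before it is spliced
# into a rule.  The value comes from an extracted malware config and is
# therefore untrusted: a quote, ';' or '|' inside it would change the rule's
# option syntax or break the rule file, so such values yield no rule at all.
# IPv6 literals (':') are intentionally outside this set.
_SAFE_DOMAIN = re.compile(r"[A-Za-z0-9._-]+\Z")
# Dotted-quad literal.  Anchored with \Z so "evil.1.2.3.4.com" is treated as
# a hostname rather than as an address (the original unanchored search would
# have emitted an unusable "-> evil.1.2.3.4.com any" rule).
_IPV4 = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z")


def _dns_wire_content(domain):
    """Return the Snort content match for *domain* as it appears in a DNS query.

    DNS puts a name on the wire as length-prefixed labels terminated by a zero
    byte, e.g. ``|04|evil|03|com|00|``; the dots are never transmitted, so a
    content match that contains them cannot fire.

    Returns None when the name has an empty label or one longer than 63
    bytes, i.e. when it is not a well-formed DNS name.
    """
    labels = domain.split(".")
    if any(not label or len(label) > 63 for label in labels):
        return None
    return "".join("|%02x|%s" % (len(label), label) for label in labels) + "|00|"


def snortRule(md5, conf):
    """Build Snort rules for the beacon domain of a jRat config and store them.

    Args:
        md5: sample hash, passed unchanged as the key to database.insertSnort.
        conf: extracted config mapping; only the "Domain" key is read.

    Side effects:
        Always calls database.insertSnort(md5, rules).  ``rules`` is empty
        when the domain is missing, shorter than two characters, contains
        characters that are not valid in a hostname or IPv4 literal, or is
        not a well-formed DNS name; nothing is raised for a bad domain.

    Note: every emitted rule carries sid:5000000 (kept from the original
    rule text).  Snort rejects a rule set with duplicate sids, so the
    consumer must renumber rules before loading them.
    """
    rules = []
    domain = conf.get("Domain") or ""
    # len > 1 keeps the original threshold; single characters are not useful.
    if len(domain) > 1 and _SAFE_DOMAIN.match(domain):
        msg = '(msg: "jRat Beacon Domain: ' + domain + '"; '
        tail = (
            "classtype:trojan-activity; sid:5000000; rev:1; priority:1; "
            "reference:url,http://malwareconfig.com;)"
        )
        if _IPV4.match(domain):
            # Literal address: match traffic to that destination directly.
            rules.append("alert tcp any any -> " + domain + " any " + msg + tail)
        else:
            content = _dns_wire_content(domain)
            if content is not None:
                # Match the DNS query for the name over both transports.
                for proto in ("udp", "tcp"):
                    rules.append(
                        "alert " + proto + " any any -> any 53 " + msg
                        + 'content:"' + content + '"; nocase;  ' + tail
                    )
    database.insertSnort(md5, rules)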
Esempio n. 3
0
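# Characters accepted in a beacon domain / IPv4 literal before it is spliced
# into a rule.  The value comes from an extracted malware config and is
# therefore untrusted: a quote, ';' or '|' inside it would change the rule's
# option syntax or break the rule file, so such values yield no rule at all.
# IPv6 literals (':') are intentionally outside this set.
_SAFE_DOMAIN = re.compile(r"[A-Za-z0-9._-]+\Z")
# Dotted-quad literal.  Anchored with \Z so "evil.1.2.3.4.com" is treated as
# a hostname rather than as an address (the original unanchored search would
# have emitted an unusable "-> evil.1.2.3.4.com any" rule).
_IPV4 = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\Z")


def _dns_wire_content(domain):
    """Return the Snort content match for *domain* as it appears in a DNS query.

    DNS puts a name on the wire as length-prefixed labels terminated by a zero
    byte, e.g. ``|04|evil|03|com|00|``; the dots are never transmitted, so a
    content match that contains them cannot fire.

    Returns None when the name has an empty label or one longer than 63
    bytes, i.e. when it is not a well-formed DNS name.
    """
    labels = domain.split(".")
    if any(not label or len(label) > 63 for label in labels):
        return None
    return "".join("|%02x|%s" % (len(label), label) for label in labels) + "|00|"


def snortRule(md5, dict):
    """Build Snort rules for the beacon domain of a VirusRat config and store them.

    Args:
        md5: sample hash, passed unchanged as the key to database.insertSnort.
        dict: extracted config mapping; only the "Domain" key is read.  The
            parameter shadows the builtin ``dict``; the name is kept so that
            callers passing it by keyword keep working.

    Side effects:
        Always calls database.insertSnort(md5, rules).  ``rules`` is empty
        when the domain is missing, shorter than two characters, contains
        characters that are not valid in a hostname or IPv4 literal, or is
        not a well-formed DNS name; nothing is raised for a bad domain.

    Note: every emitted rule carries sid:5000000 (kept from the original
    rule text).  Snort rejects a rule set with duplicate sids, so the
    consumer must renumber rules before loading them.
    """
    rules = []
    domain = dict.get("Domain") or ""
    # len > 1 keeps the original threshold; single characters are not useful.
    if len(domain) > 1 and _SAFE_DOMAIN.match(domain):
        msg = '(msg: "VirusRat Beacon Domain: ' + domain + '"; '
        tail = (
            "classtype:trojan-activity; sid:5000000; rev:1; priority:1; "
            "reference:url,http://malwareconfig.com;)"
        )
        if _IPV4.match(domain):
            # Literal address: match traffic to that destination directly.
            rules.append("alert tcp any any -> " + domain + " any " + msg + tail)
        else:
            content = _dns_wire_content(domain)
            if content is not None:
                # Match the DNS query for the name over both transports.
                for proto in ("udp", "tcp"):
                    rules.append(
                        "alert " + proto + " any any -> any 53 " + msg
                        + 'content:"' + content + '"; nocase;  ' + tail
                    )
    database.insertSnort(md5, rules)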