def _make_rule(self, content, uricontent, dst_port, sid=0):
    """Build a SnortRule that matches *content* in the payload and *uricontent* in the URI.

    Args:
        content: Host/payload string; emitted as a double-quoted, case-insensitive
            ``content`` option.
        uricontent: URI string; emitted as a double-quoted, case-insensitive
            ``uricontent`` option.
        dst_port: Destination port handed to the rule unchanged.
        sid: Accepted for interface compatibility only; it is currently not applied
            to the rule (the ``sid`` assignment is intentionally left disabled).

    Returns:
        The populated SnortRule.

    NOTE(review): *content* and *uricontent* are placed between literal double
    quotes without escaping here. If either value can originate from an external
    feed, confirm that set_malicious_pattern escapes ``"`` and ``;`` so a crafted
    value cannot break or alter the generated rule text — TODO confirm.
    """
    quoted_host = '"{host}"'.format(host=content)
    quoted_uri = '"{uri}"'.format(uri=uricontent)
    options = {
        'msg': '"Trojan.Gen.uricontent"',
        'content': [quoted_host, 'nocase'],
        'uricontent': [quoted_uri, 'nocase'],
        'dst_port': dst_port,
    }
    # 'sid' is deliberately not set (was: pattern['sid'] = sid).
    snort_rule = SnortRule()
    snort_rule.set_malicious_pattern(**options)
    return snort_rule
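def _make_rule(self, **kwargs):
    """Build a generic "Trojan.Gen" SnortRule from keyword options, record it and log it.

    Keyword Args:
        protocol: Optional; copied to ``rule.protocol`` when given.
        dst_port: Optional; copied to ``rule.dst_port`` when given.
        content: Optional payload pattern; copied to ``rule.content`` when given.
        uricontent: Optional URI pattern; copied to ``rule.uricontent`` unless it
            is ``None`` or the bare ``'/'``.
        ref: Reference(s) for the rule. Required: ``ref[0]`` is split on ``','``
            and its last field is used as the log tag.

    Side effects:
        Appends the rule to ``self.rules`` and calls ``self._log_rules``.

    Raises:
        ValueError: if *ref* is missing or empty. This is checked before
            ``self.rules`` is touched, so a bad call cannot leave a rule
            registered but unlogged.
    """
    ref = kwargs.get('ref')
    # The log call at the end dereferences ref[0]; previously a missing ref
    # raised only after the rule had already been appended to self.rules.
    if not ref:
        raise ValueError("_make_rule requires a non-empty 'ref' keyword argument")

    rule = SnortRule()
    rule.msg = '"Trojan.Gen"'

    protocol = kwargs.get('protocol')
    if protocol is not None:
        rule.protocol = protocol

    # Read once (the original fetched 'dst_port' twice).
    dst_port = kwargs.get('dst_port')
    if dst_port is not None:
        rule.dst_port = dst_port

    content = kwargs.get('content')
    if content is not None:
        rule.content = content

    uricontent = kwargs.get('uricontent')
    # A bare '/' is skipped — presumably because it would match every URI; confirm.
    if uricontent is not None and uricontent != '/':
        rule.uricontent = uricontent

    rule.ref = ref

    # 'sid' is intentionally not assigned (was: pattern['sid'] = sid).
    self.rules.append(rule)
    self._log_rules(rule, ref[0].split(',')[-1])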