Exemplos de SnortRule em Python

Exemplo n.º 1

Arquivo: rule_engine.py Projeto: zhoucj93/malware

 def _make_rule(self, content, uricontent, dst_port, sid=0):
     rule = SnortRule()
     pattern = dict()
     pattern['msg'] = '"Trojan.Gen.uricontent"'
     pattern['content'] = ['"{host}"'.format(host=content), 'nocase']
     pattern['uricontent'] = ['"{uri}"'.format(uri=uricontent), 'nocase']
     # pattern['sid'] = sid
     pattern['dst_port'] = dst_port
     rule.set_malicious_pattern(**pattern)
     return rule

Exemplo n.º 2

Arquivo: rule_engine.py Projeto: Cbrdiv/malware

 def _make_rule(self, content, uricontent, dst_port, sid=0):
     rule = SnortRule()
     pattern = dict()
     pattern['msg'] = '"Trojan.Gen.uricontent"'
     pattern['content'] = ['"{host}"'.format(host=content), 'nocase']
     pattern['uricontent'] = ['"{uri}"'.format(uri=uricontent), 'nocase']
     # pattern['sid'] = sid
     pattern['dst_port'] = dst_port
     rule.set_malicious_pattern(**pattern)
     return rule

Exemplo n.º 3

    def _make_rule(self, **kwargs):
        rule = SnortRule()
        rule.msg = '"Trojan.Gen"'

        content = kwargs.get('content')
        uricontent = kwargs.get('uricontent')
        dst_port = kwargs.get('dst_port')
        ref = kwargs.get('ref')
        protocol = kwargs.get('protocol')
        dst_port = kwargs.get('dst_port')

        if protocol is not None:
            rule.protocol = protocol
        if dst_port is not None:
            rule.dst_port = dst_port
        if content is not None:
            rule.content = content
        if uricontent is not None and uricontent != '/':
            rule.uricontent = uricontent
        if ref is not None:
            rule.ref = ref
        # pattern['sid'] = sid

        self.rules.append(rule)
        self._log_rules(rule, ref[0].split(',')[-1])

Exemplo n.º 4

Arquivo: ruleEngine.py Projeto: Cbrdiv/malware

    def _make_rule(self, **kwargs):
        rule = SnortRule()
        rule.msg = '"Trojan.Gen"'

        content = kwargs.get('content')
        uricontent = kwargs.get('uricontent')
        dst_port = kwargs.get('dst_port')
        ref = kwargs.get('ref')
        protocol = kwargs.get('protocol')
        dst_port = kwargs.get('dst_port')

        if protocol is not None:
            rule.protocol = protocol
        if dst_port is not None:
            rule.dst_port = dst_port
        if content is not None:
            rule.content = content
        if uricontent is not None and uricontent != '/':
            rule.uricontent = uricontent
        if ref is not None:
            rule.ref = ref
        # pattern['sid'] = sid

        self.rules.append(rule)
        self._log_rules(rule, ref[0].split(',')[-1])