suricata_check.checkers.principle
=================================

.. py:module:: suricata_check.checkers.principle

.. autoapi-nested-parse::

   The `suricata_check.checkers.principle` module contains several checkers based on the Ruling the Unruly paper.

   Reference: TODO


Submodules
----------

.. toctree::
   :maxdepth: 1

   /autoapi/suricata_check/checkers/principle/ml/index
   /autoapi/suricata_check/checkers/principle/principle/index


Classes
-------

.. autoapisummary::

   suricata_check.checkers.principle.PrincipleChecker
   suricata_check.checkers.principle.PrincipleMLChecker


Package Contents
----------------

.. py:class:: PrincipleChecker(include: Optional[collections.abc.Iterable[str]] = None)

   Bases: :py:obj:`suricata_check.checkers.interface.checker.CheckerInterface`

   The `PrincipleChecker` contains several checks based on the Ruling the Unruly paper and targets specificity and coverage.

   Codes P000-P009 report on non-adherence to rule design principles.

   Specifically, the `PrincipleChecker` checks for the following:

       P000: No Limited Proxy, the rule does not detect a characteristic that relates directly to a malicious action, making it potentially noisy.

       P001: No Successful Malicious Action, the rule does not distinguish between successful and unsuccessful malicious actions, making it potentially noisy.

       P002: No Alert Throttling, the rule does not use the `threshold` limit option to prevent alert flooding, making it potentially noisy.

       P003: No Exceptions, the rule does not include any exceptions for common benign traffic, making it potentially noisy.

       P004: No Generalized Characteristic, the rule detects a characteristic that is so specific that it is unlikely to generalize.

       P005: No Generalized Position, the rule detects the characteristic in a fixed position and is therefore unlikely to generalize.

   Initializes the checker given a list of issue codes to emit.

   .. py:attribute:: codes

      A Mapping of issue codes emitted by the checker to metadata for those issue types.

      The metadata is structured in the form of a Mapping from attribute name to attribute value.
      The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module.


.. py:class:: PrincipleMLChecker(include: Optional[collections.abc.Iterable[str]] = None)

   Bases: :py:obj:`suricata_check.checkers.interface.dummy.DummyChecker`

   Dummy class to prevent runtime errors on import.

   Logs an error due to failed imports for the checker.
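To make the P002, P003 and P005 principles above concrete, the following is an added, self-contained illustration of how a checker of this shape can be structured; it is not the code of `suricata_check` itself. The rule parser is deliberately minimal, the two sample rules are constructed for this example, and the three heuristics (a rule is "throttled" if it carries a `threshold` or `detection_filter` option, has an "exception" if it contains a negated `content` or `pcre` match, and is "position-fixed" if it uses `offset`, `depth`, `startswith` or `endswith`) are this example's own assumptions about what the principles mean, not the project's definitions. The `codes` mapping mirrors the documented convention that severity is a `logging` level.

```python
"""Illustrative principle checker (not suricata-check's own implementation)."""
import logging
import re
from typing import Dict, List, Tuple

# Issue metadata in the shape the page describes: code -> {attribute: value},
# with `severity` taken from the `logging` module.  Descriptions are the
# principle names from the page; the severities are assumptions.
codes: Dict[str, Dict[str, object]] = {
    "P002": {"severity": logging.INFO, "description": "No Alert Throttling"},
    "P003": {"severity": logging.INFO, "description": "No Exceptions"},
    "P005": {"severity": logging.INFO, "description": "No Generalized Position"},
}

# A Suricata rule is `header (option; option:value; ...)`.
_RULE_RE = re.compile(r"^\s*(?P<header>[^(]+)\((?P<options>.*)\)\s*$")
# One option: `key;` or `key:value;` where value may hold quoted strings
# (quotes may contain escaped characters and semicolons).
_OPTION_RE = re.compile(
    r'\s*(?P<key>[A-Za-z_.\-]+)\s*(?::\s*(?P<value>(?:"(?:\\.|[^"])*"|[^;"])*))?;'
)


def parse_options(rule: str) -> List[Tuple[str, str]]:
    """Return the rule's options as ordered (keyword, raw value) pairs."""
    m = _RULE_RE.match(rule)
    if not m:
        raise ValueError(f"not a Suricata rule: {rule!r}")
    return [
        (o.group("key"), (o.group("value") or "").strip())
        for o in _OPTION_RE.finditer(m.group("options"))
    ]


def check_rule(rule: str) -> List[str]:
    """Return the issue codes this toy checker emits for one rule."""
    opts = parse_options(rule)
    keys = [k for k, _ in opts]
    issues: List[str] = []

    # P002 heuristic (assumption): the rule is throttled if it carries a
    # `threshold` or `detection_filter` option.
    if "threshold" not in keys and "detection_filter" not in keys:
        issues.append("P002")

    # P003 heuristic (assumption): an exception for benign traffic is a
    # negated content/pcre match, e.g. `content:!"Mozilla";`.
    if not any(k in ("content", "pcre") and v.startswith("!") for k, v in opts):
        issues.append("P003")

    # P005 heuristic (assumption): these modifiers pin a match to a fixed
    # position in the buffer.
    if any(k in ("offset", "depth", "startswith", "endswith") for k in keys):
        issues.append("P005")

    return issues


def report(rule: str) -> List[Tuple[str, int, str]]:
    """Pair each emitted code with its severity and description."""
    return [
        (c, int(codes[c]["severity"]), str(codes[c]["description"]))
        for c in check_rule(rule)
    ]


# Constructed sample rules (sid values are arbitrary placeholders).
NOISY_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE noisy outbound GET"; '
    'flow:established,to_server; content:"GET"; startswith; sid:9000001; rev:1;)'
)
TUNED_RULE = (
    'alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE tuned outbound GET"; '
    'flow:established,to_server; content:"GET"; content:!"Mozilla"; '
    'threshold: type limit, track by_src, count 1, seconds 3600; sid:9000002; rev:1;)'
)

if __name__ == "__main__":
    for rule in (NOISY_RULE, TUNED_RULE):
        for code, severity, description in report(rule):
            logging.getLogger(__name__).log(severity, "%s %s", code, description)
        print(rule.split(";")[0], "->", check_rule(rule) or "no issues")
```

Running the module flags the first rule with all three codes and the second with none; the second rule differs only by the added negated match and the `threshold` option, which is exactly the tuning the P002 and P003 principles ask for.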