suricata_check.checkers.principle.ml
====================================

.. py:module:: suricata_check.checkers.principle.ml

.. autoapi-nested-parse::

   `PrincipleMLChecker`.


Classes
-------

.. autoapisummary::

   suricata_check.checkers.principle.ml.PrincipleMLChecker


Module Contents
---------------

.. py:class:: PrincipleMLChecker(include: Optional[collections.abc.Iterable[str]] = None)

   Bases: :py:obj:`suricata_check.checkers.interface.checker.CheckerInterface`

   The `PrincipleMLChecker` contains several checks based on the Ruling the Unruly paper and targets specificity and coverage.

   Codes Q000-Q009 report on non-adherence to rule design principles similar to those checked by the `PrincipleChecker`. Unlike those, they are the result of machine learning analysis of the rules.

   Initializes the checker given a list of issue codes to emit.


   .. py:method:: __getnewargs__() -> tuple

      Returns the arguments to be passed to the __new__ method when unpickling.


   .. py:method:: train(df: pandas.DataFrame, rule_col: str = 'rule.rule', principle_cols: dict[str, str] = {'Q000': 'labelled.no_proxy', 'Q001': 'labelled.success', 'Q002': 'labelled.thresholded', 'Q003': 'labelled.exceptions', 'Q004': 'labelled.generalized_match_content', 'Q005': 'labelled.generalized_match_location'}, reuse_models: bool = False) -> None

      Train several models for the checker to detect issues in rules.

      The checker class with trained models is stored in a pickle file (`_PICKLE_PATH`). Because unpickling executes whatever callables the file references, that file must only ever be loaded from a trusted, integrity-checked location.


   .. py:attribute:: codes

      A Mapping of issue codes emitted by the checker to metadata for those issue types.

      The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is `severity`, which must be one of the levels provided by the `logging` module.


   .. py:attribute:: enabled_by_default
      :value: False

      A boolean indicating if the checker is enabled by default when discovered automatically.
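The `train` method stores the checker, trained models included, in a pickle file, and `pickle.load` will call any function a pickle names, so a tampered or swapped file is arbitrary code execution in the process that runs the checker. The following is an added example, not code from suricata-check, of how a practitioner can load such a file defensively: pin the file's SHA-256 digest and restrict which globals the unpickler may resolve. `FakeChecker`, `Evil` and the `ALLOWED` set are assumptions for illustration; a real allowlist must name exactly the classes the project actually pickles (the checker class, the model classes and whatever they reference), which this page does not list.

```python
"""Added example (not part of suricata-check): load a trained-checker pickle
defensively with a digest pin and a class allowlist.
"""
import hashlib
import io
import os
import pickle


class FakeChecker:
    """Stand-in for the trained checker class (assumption for illustration)."""

    def __init__(self, models):
        self.models = models  # e.g. {"Q000": <model>, ...}


# Hypothetical allowlist of (module, qualname) pairs the unpickler may resolve.
# Nothing outside this set, not even builtins, will be looked up.
ALLOWED = {
    (__name__, "FakeChecker"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not in ALLOWED."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        # Reached for e.g. posix.system or builtins.eval in a crafted pickle,
        # before the REDUCE opcode would have called it.
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def load_pinned(data: bytes, expected_sha256: str):
    """Verify the digest first, then unpickle through the allowlist."""
    digest = sha256_of(data)
    if digest != expected_sha256:
        raise ValueError(f"pickle digest mismatch: {digest} != {expected_sha256}")
    return RestrictedUnpickler(io.BytesIO(data)).load()


class Evil:
    """Constructed malicious payload: unpickling it would call os.system."""

    def __reduce__(self):
        return (os.system, ("echo pwned",))


def demo() -> dict:
    """Exercise three paths: a trusted file, a tampered file, a crafted file."""
    trusted = pickle.dumps(FakeChecker({"Q000": "model-Q000"}))
    crafted = pickle.dumps(Evil())  # serialises the os.system call; runs nothing
    tampered = trusted[:-1] + bytes([trusted[-1] ^ 0x01])  # flip the STOP opcode

    checker = load_pinned(trusted, sha256_of(trusted))
    results = {"trusted_models": checker.models}

    try:
        load_pinned(tampered, sha256_of(trusted))
        results["tampered_rejected"] = False
    except ValueError:
        results["tampered_rejected"] = True

    try:
        # Digest matches the crafted bytes, so only the allowlist stands
        # between the loader and a shell command.
        load_pinned(crafted, sha256_of(crafted))
        results["crafted_rejected"] = False
    except pickle.UnpicklingError:
        results["crafted_rejected"] = True

    return results


if __name__ == "__main__":
    print(demo())
```

In deployment the expected digest would be recorded when `train` writes `_PICKLE_PATH` (or shipped alongside the package) and compared against the file read from disk; the allowlist then catches the case where an attacker can replace both the pickle and its recorded digest, since a pickle that can only instantiate the checker and model classes cannot reach `os.system` or similar.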