suricata_check
==============

.. py:module:: suricata_check

.. autoapi-nested-parse::

   `suricata_check` is a module and command line utility to provide feedback on Suricata rules.


Submodules
----------

.. toctree::
   :maxdepth: 1

   /autoapi/suricata_check/__main__/index
   /autoapi/suricata_check/checkers/index
   /autoapi/suricata_check/suricata_check/index
   /autoapi/suricata_check/tests/index
   /autoapi/suricata_check/utils/index


Functions
---------

.. autoapisummary::

   suricata_check.analyze_rule
   suricata_check.get_checkers
   suricata_check.main
   suricata_check.process_rules_file


Package Contents
----------------

.. py:function:: analyze_rule(rule: idstools.rule.Rule, checkers: Optional[collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface]] = None, ignore: Optional[collections.abc.Sequence[str]] = None) -> suricata_check.utils.checker_typing.RuleReport

   Checks a rule and returns a dictionary containing the rule and a list of issues found.

   Args:
       rule: The rule to be checked.
       checkers: The checkers to be used to check the rule.
       ignore: Regular expressions to match checker codes to ignore

   Returns:
       A list of issues found in the rule.
       Each issue is typed as a `dict`.

   Raises:
       InvalidRuleError: If the rule does not follow the Suricata syntax.


.. py:function:: get_checkers(include: collections.abc.Sequence[str] = ('.*', ), exclude: collections.abc.Sequence[str] = (), issue_severity: int = logging.INFO) -> collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface]

   Auto discovers all available checkers that implement the CheckerInterface.

   Returns:
       A list of available checkers that implement the CheckerInterface.


.. py:function:: main(**kwargs: dict[str, Any]) -> None

   The `suricata-check` command processes all rules inside a rules file and outputs a list of detected issues.

   Raises:
       BadParameter: If provided arguments are invalid.

       RuntimeError: If no checkers could be automatically discovered.


.. py:function:: process_rules_file(rules: str, evaluate_disabled: bool, checkers: Optional[collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface]] = None) -> suricata_check.utils.checker_typing.OutputReport

   Processes a rule file and returns a list of rules and their issues.

   Args:
       rules: A path to a Suricata rules file.
       evaluate_disabled: A flag indicating whether disabled rules should be evaluated.
       checkers: The checkers to be used when processing the rule file.

   Returns:
       A list of rules and their issues.

   Raises:
       RuntimeError: If no checkers could be automatically discovered.