suricata_check

suricata_check is a module and command line utility to provide feedback on Suricata rules.

Submodules

Functions

analyze_rule(rule[, checkers]) → RuleReport

Checks a rule and returns a dictionary containing the rule and a list of issues found.

get_checkers([include, exclude, issue_severity]) → Sequence[CheckerInterface]

Auto-discovers all available checkers that implement the CheckerInterface.

main([rules, single_rule, out, log_level, gitlab, github, evaluate_disabled, issue_severity, include_all, include, exclude]) → None

The suricata-check command processes all rules inside a rules file and outputs a list of detected issues.

process_rules_file(rules, evaluate_disabled[, checkers]) → OutputReport

Processes a rule file and returns a list of rules and their issues.

Package Contents

suricata_check.analyze_rule(rule: idstools.rule.Rule, checkers: collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface] | None = None) → suricata_check.utils.checker_typing.RuleReport

Checks a rule and returns a dictionary containing the rule and a list of issues found.

Args:

rule: The rule to be checked.

checkers: The checkers to be used to check the rule.

Returns:

A RuleReport: a dictionary containing the rule and the list of issues found in it. Each issue is typed as a dict.

Raises:

InvalidRuleError: If the rule does not follow the Suricata syntax.

suricata_check.get_checkers(include: collections.abc.Sequence[str] = ('.*',), exclude: collections.abc.Sequence[str] = (), issue_severity: int = logging.INFO) → collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface]

Auto-discovers all available checkers that implement the CheckerInterface.

Returns: A list of available checkers that implement the CheckerInterface.

suricata_check.main(rules: str = '.', single_rule: str | None = None, out: str = '.', log_level: LogLevel = 'DEBUG', gitlab: bool = False, github: bool = False, evaluate_disabled: bool = False, issue_severity: LogLevel = 'INFO', include_all: bool = False, include: tuple[str, ...] = (), exclude: tuple[str, ...] = ()) → None

The suricata-check command processes all rules inside a rules file and outputs a list of detected issues.

Raises:

BadParameter: If provided arguments are invalid.

RuntimeError: If no checkers could be automatically discovered.

suricata_check.process_rules_file(rules: str, evaluate_disabled: bool, checkers: collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface] | None = None) → suricata_check.utils.checker_typing.OutputReport

Processes a rule file and returns a list of rules and their issues.

Args:

rules: A path to a Suricata rules file.

evaluate_disabled: A flag indicating whether disabled rules should be evaluated.

checkers: The checkers to be used when processing the rule file.

Returns:

A list of rules and their issues.

Raises:

RuntimeError: If no checkers could be automatically discovered.
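The following is an added usage example for the API documented above; it is not part of suricata_check itself. It drives get_checkers, process_rules_file and analyze_rule from Python, filters the returned issues by severity, and counts them per level. The two sample rules are constructed for the example (the second is commented out, i.e. disabled, so it is only evaluated when evaluate_disabled is true). Assumptions, marked in the code: each issue exposes severity (a logging level int) and message, and each rule report exposes rule and issues, either as dict keys or attributes; the output of process_rules_file is either the documented list of rule reports or an object carrying that list in a rules attribute; and idstools.rule.parse is used to build the Rule object that analyze_rule expects. The helper names are this example's own.

```python
from __future__ import annotations

import logging
import os
import tempfile
from typing import Any, Iterable

# Constructed sample rules (not from the page). The second line is a disabled
# rule, so suricata_check only evaluates it when evaluate_disabled=True.
SAMPLE_RULES = (
    'alert tcp any any -> any 80 (msg:"Example HTTP GET"; content:"GET"; sid:1000001; rev:1;)\n'
    '# alert dns any any -> any 53 (msg:"Disabled example"; sid:1000002; rev:1;)\n'
)


def _field(obj: Any, name: str, default: Any = None) -> Any:
    """Read a field from an issue or report whether it is a dict or an object.

    Assumption: issues expose 'severity' (logging level int) and 'message';
    rule reports expose 'rule' and 'issues'. Adapt if your version differs.
    """
    if isinstance(obj, dict):
        return obj.get(name, default)
    return getattr(obj, name, default)


def filter_issues(issues: Iterable[Any], min_severity: int = logging.WARNING) -> list[Any]:
    """Keep issues at or above min_severity, most severe first (stable order within a level)."""
    kept = [i for i in issues if int(_field(i, "severity", logging.INFO)) >= min_severity]
    kept.sort(key=lambda i: int(_field(i, "severity", logging.INFO)), reverse=True)
    return kept


def count_by_severity(issues: Iterable[Any], min_severity: int = logging.WARNING) -> dict[str, int]:
    """Count issues per logging level name, e.g. {"ERROR": 1, "WARNING": 2}."""
    counts: dict[str, int] = {}
    for issue in filter_issues(issues, min_severity):
        level = logging.getLevelName(int(_field(issue, "severity", logging.INFO)))
        counts[level] = counts.get(level, 0) + 1
    return counts


def check_rules_text(rules_text: str, evaluate_disabled: bool = False,
                     min_severity: int = logging.WARNING) -> list[tuple[str, list[Any]]]:
    """Run suricata_check over rules_text; return (rule text, filtered issues) per rule.

    suricata_check is imported here, not at module level, so the pure helpers
    above work without it installed. process_rules_file takes a path, so the
    text is written to a temporary file first.
    """
    import suricata_check

    checkers = suricata_check.get_checkers(issue_severity=min_severity)
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example.rules")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(rules_text)
        output = suricata_check.process_rules_file(path, evaluate_disabled, checkers=checkers)

    # Documented as "a list of rules and their issues"; assumption: some versions
    # wrap that list in an object with a 'rules' attribute instead.
    rule_reports = output if isinstance(output, list) else _field(output, "rules", output)
    results: list[tuple[str, list[Any]]] = []
    for report in rule_reports:
        issues = filter_issues(_field(report, "issues", []) or [], min_severity)
        results.append((str(_field(report, "rule")), issues))
    return results


def check_single_rule(rule_text: str, min_severity: int = logging.WARNING) -> list[Any]:
    """Check one rule string with analyze_rule (InvalidRuleError on bad Suricata syntax)."""
    import idstools.rule
    import suricata_check

    rule = idstools.rule.parse(rule_text)  # assumption: idstools parse builds the Rule
    if rule is None:
        raise ValueError("idstools could not parse the rule")
    checkers = suricata_check.get_checkers(issue_severity=min_severity)
    report = suricata_check.analyze_rule(rule, checkers=checkers)
    return filter_issues(_field(report, "issues", []) or [], min_severity)


if __name__ == "__main__":
    results = check_rules_text(SAMPLE_RULES, evaluate_disabled=True)
    for rule, issues in results:
        print(rule)
        for issue in issues:
            level = logging.getLevelName(int(_field(issue, "severity", logging.INFO)))
            print(f"  [{level}] {_field(issue, 'message')}")
    print("totals:", count_by_severity(i for _, issues in results for i in issues))
```

Passing issue_severity to get_checkers keeps checkers below the threshold out of the run entirely, while filter_issues applies the same threshold to whatever the checkers still report; in a CI gate you would typically fail the job when count_by_severity returns a non-empty dict for logging.ERROR.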