suricata_check.suricata_check

The suricata_check.suricata_check module contains the command line utility and the main program logic.

Functions

`analyze_rule`(...)	Checks a rule and returns a dictionary containing the rule and a list of issues found.
`get_checkers`(, exclude, issue_severity)	Auto discovers all available checkers that implement the CheckerInterface.
`main`(→ None)	The suricata-check command processes all rules inside a rules file and outputs a list of detected issues.
`process_rules_file`(...)	Processes a rule file and returns a list of rules and their issues.

Module Contents

suricata_check.suricata_check.analyze_rule(rule: idstools.rule.Rule, checkers: collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface] | None = None, ignore: collections.abc.Sequence[str] | None = None) → suricata_check.utils.checker_typing.RuleReport[source]

Checks a rule and returns a dictionary containing the rule and a list of issues found.

Args: rule: The rule to be checked. checkers: The checkers to be used to check the rule. ignore: Regular expressions to match checker codes to ignore

Returns: A list of issues found in the rule. Each issue is typed as a dict.

Raises: InvalidRuleError: If the rule does not follow the Suricata syntax.

suricata_check.suricata_check.get_checkers(include: collections.abc.Sequence[str] = ('.*',), exclude: collections.abc.Sequence[str] = (), issue_severity: int = logging.INFO) → collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface][source]

Auto discovers all available checkers that implement the CheckerInterface.

Returns: A list of available checkers that implement the CheckerInterface.

suricata_check.suricata_check.main(**kwargs: dict[str, Any]) → None

The suricata-check command processes all rules inside a rules file and outputs a list of detected issues.

Raises:

BadParameter: If provided arguments are invalid.

RuntimeError: If no checkers could be automatically discovered.

suricata_check.suricata_check.process_rules_file(rules: str, evaluate_disabled: bool, checkers: collections.abc.Sequence[suricata_check.checkers.interface.CheckerInterface] | None = None) → suricata_check.utils.checker_typing.OutputReport[source]

Processes a rule file and returns a list of rules and their issues.

Args: rules: A path to a Suricata rules file. evaluate_disabled: A flag indicating whether disabled rules should be evaluated. checkers: The checkers to be used when processing the rule file.

Returns:: A list of rules and their issues.
Raises:: RuntimeError: If no checkers could be automatically discovered.