class documentation
Class representing a rule.
The Rule class is a class that also acts like a dictionary.
Dictionary fields:
- group: The group the rule belongs to, typically the filename.
- enabled: True if the rule is enabled (uncommented), False if disabled (commented)
- action: The action of the rule (alert, pass, etc.) as a string
- proto: The protocol string of the rule.
- source_addr: The source address string of the rule.
- source_port: The source ports string of the rule.
- direction: The direction string of the rule.
- dest_addr: The destination address string of the rule.
- dest_port: The destination ports string of the rule.
- gid: The gid of the rule as an integer
- sid: The sid of the rule as an integer
- rev: The revision of the rule as an integer
- msg: The rule message as a string
- flowbits: List of flowbit options in the rule
- metadata: Metadata values as a list
- references: References as a list
- classtype: The classification type
- priority: The rule priority, 0 if not provided
- raw: The raw rule as read from the file or buffer
Parameters:
enabled | Optional parameter to set the enabled state of the rule
action | Optional parameter to set the action of the rule
group | Optional parameter to set the group (filename) of the rule
Method | __getattr__ | Undocumented
Method | __hash__ | Undocumented
Method | __init__ | Undocumented
Method | __str__ | The string representation of the rule.
Method | brief | A brief description of the rule.
Method | format | Undocumented
Method | rebuild | Rebuild the rule options from the list of options.
Property | id | The ID of the rule.
Property | idstr | Return the gid and sid of the rule as a string formatted like: '[GID:SID]'
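
The following added example, which is not this project's code, shows how a rule line maps onto the dictionary fields and the `idstr` property listed above. `DemoRule`, `parse_demo` and `RULE_RE` are hypothetical names, the sample rules are constructed, and the gid default of 1 is an assumption based on Suricata's default generator ID.

```python
import re

# Constructed sample rules (not from any real ruleset); the second is commented out.
SAMPLE = [
    'alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"EXAMPLE constructed rule"; flowbits:set,ex.seen; classtype:policy-violation; sid:1000001; rev:3;)',
    '# drop udp any any -> any 53 (msg:"EXAMPLE disabled rule"; gid:3; sid:1000002; rev:1; priority:2;)',
]

# Optional leading '#', then the seven header tokens, then the parenthesised options.
RULE_RE = re.compile(
    r'^(?P<off>#)?\s*(?P<action>\w+)\s+(?P<proto>\S+)\s+(?P<source_addr>\S+)\s+'
    r'(?P<source_port>\S+)\s+(?P<direction>->|<>)\s+(?P<dest_addr>\S+)\s+'
    r'(?P<dest_port>\S+)\s+\((?P<options>.*)\)\s*$')


class DemoRule(dict):
    """Hypothetical stand-in for the documented class: a dict with attribute access."""

    def __getattr__(self, name):
        try:
            return self[name]
        except KeyError:
            raise AttributeError(name) from None

    @property
    def idstr(self):
        return "[%d:%d]" % (self["gid"], self["sid"])


def parse_demo(line, group=None):
    m = RULE_RE.match(line.strip())
    if m is None:
        return None  # not a rule, e.g. an ordinary comment line
    # Defaults: priority 0 as documented above; gid 1 is an assumption.
    rule = DemoRule(m.groupdict(), group=group, raw=line, enabled=m.group("off") is None,
                    gid=1, sid=0, rev=0, priority=0, msg=None, classtype=None, flowbits=[])
    del rule["off"]
    # Naive option split: fine for the samples, does not handle escaped ';' in values.
    for opt in filter(None, (o.strip() for o in rule.pop("options").split(";"))):
        key, _, val = opt.partition(":")
        if key in ("gid", "sid", "rev", "priority"):
            rule[key] = int(val)
        elif key == "flowbits":
            rule["flowbits"].append(val)
        elif key in ("msg", "classtype"):
            rule[key] = val.strip('"')
    return rule
```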