class documentation

Class representing a rule.

The Rule class also acts like a dictionary, so the fields below are readable by key.

Dictionary fields:

  • group: The group the rule belongs to, typically the filename.
  • enabled: True if the rule is enabled (uncommented), False if disabled (commented).
  • action: The action of the rule (alert, pass, etc.) as a string.
  • proto: The protocol string of the rule.
  • source_addr: The source address string of the rule.
  • source_port: The source ports string of the rule.
  • direction: The direction string of the rule.
  • dest_addr: The destination address string of the rule.
  • dest_port: The destination ports string of the rule.
  • gid: The gid of the rule as an integer.
  • sid: The sid of the rule as an integer.
  • rev: The revision of the rule as an integer.
  • msg: The rule message as a string.
  • flowbits: List of flowbit options in the rule.
  • metadata: Metadata values as a list.
  • references: References as a list.
  • classtype: The classification type.
  • priority: The rule priority, 0 if not provided.
  • raw: The raw rule as read from the file or buffer.
Parameters

  • enabled: Optional parameter to set the enabled state of the rule.
  • action: Optional parameter to set the action of the rule.
  • group: Optional parameter to set the group (filename) of the rule.

Methods and properties

  • Method __getattr__: Undocumented
  • Method __hash__: Undocumented
  • Method __init__: Undocumented
  • Method __str__: The string representation of the rule.
  • Method brief: A brief description of the rule.
  • Method format: Undocumented
  • Method rebuild_options: Rebuild the rule options from the list of options.
  • Property id: The ID of the rule.
  • Property idstr: Return the gid and sid of the rule as a string formatted like: '[GID:SID]'
def __getattr__(self, name):

Undocumented

def __hash__(self):

Undocumented

def __init__(self, enabled=None, action=None, group=None):

Undocumented

def __str__(self):

The string representation of the rule.

If the rule is disabled it will be returned as commented out.

def brief(self):

A brief description of the rule.

Returns
string: A brief description of the rule

def format(self):

Undocumented

def rebuild_options(self):

Rebuild the rule options from the list of options.

@property
id: A tuple of 2 ints

The ID of the rule.

Returns
A tuple (gid, sid) representing the ID of the rule

@property
idstr

Return the gid and sid of the rule as a string formatted like: '[GID:SID]'
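As an added illustration (not the project's own code), here is a minimal dict-backed Rule with the fields listed above, plus a parser for a single rule line that populates them; it shows the disabled-rule handling of __str__ and the id/idstr properties. The header and option syntax it accepts, the default gid of 1 and the sample rule are assumptions of this example.

```python
import re
# Header: [#]action proto src_addr src_port direction dst_addr dst_port (options)
HEADER_RE = re.compile(r"^(?P<disabled>#)?\s*(?P<action>\w+)\s+(?P<proto>\S+)\s+(?P<source_addr>\S+)\s+"
                       r"(?P<source_port>\S+)\s+(?P<direction>->|<>)\s+(?P<dest_addr>\S+)\s+"
                       r"(?P<dest_port>\S+)\s*\((?P<options>.*)\)\s*$")
# One option "name[:value];" where a quoted value may itself contain ';'
OPTION_RE = re.compile(r'\s*(?P<name>[\w.\-]+)(?::(?P<value>"(?:[^"\\]|\\.)*"|[^;]*))?;')
HEADER_FIELDS = ("proto", "source_addr", "source_port", "direction", "dest_addr", "dest_port")
LIST_OPTIONS = {"flowbits": "flowbits", "reference": "references"}  # option name -> field
# Constructed sample rule (not taken from any real ruleset)
SAMPLE_RULE = ('alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"EXAMPLE Beacon; constructed"; '
               'flowbits:set,example.bit; reference:url,example.test/x; classtype:trojan-activity; '
               'metadata:created_at 2020_01_01, updated_at 2021_02_02; sid:1000001; rev:3;)')


class Rule(dict):
    """Dict-backed rule with the documented fields (illustrative, not the library's code)."""
    def __init__(self, enabled=None, action=None, group=None):
        super().__init__(group=group, enabled=enabled, action=action, gid=1, sid=None, rev=0,
                         msg=None, flowbits=[], metadata=[], references=[], classtype=None,
                         priority=0, raw=None, **dict.fromkeys(HEADER_FIELDS))

    @property
    def id(self):  # (gid, sid)
        return (int(self["gid"]), int(self["sid"]))
    @property
    def idstr(self):  # "[GID:SID]"
        return "[%d:%d]" % self.id
    def __str__(self):  # a disabled rule is rendered commented out
        return self["raw"] if self["enabled"] else "# " + self["raw"]


def parse(buf, group=None):
    """Parse one rule line into a Rule, or return None if it is not a rule."""
    m = HEADER_RE.match(buf.strip())
    if not m:
        return None
    rule = Rule(enabled=m.group("disabled") is None, action=m.group("action"), group=group)
    rule.update((k, m.group(k)) for k in HEADER_FIELDS)
    rule["raw"] = m.group(0).lstrip("# ")  # raw text without the disabling comment marker
    for opt in OPTION_RE.finditer(m.group("options")):
        name, value = opt.group("name"), (opt.group("value") or "").strip()
        if name in ("gid", "sid", "rev", "priority"):
            rule[name] = int(value)
        elif name in ("msg", "classtype"):
            rule[name] = value.strip('"')
        elif name in LIST_OPTIONS:
            rule[LIST_OPTIONS[name]].append(value)
        elif name == "metadata":  # comma-separated "key value" pairs
            rule["metadata"].extend(v.strip() for v in value.split(","))
    return rule
```

Parsing "# " + SAMPLE_RULE yields the same fields with enabled set to False, and str() of that rule restores the comment marker.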