Skip to content

rkoumis/aristotle

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

21 Commits
aristotle
aristotle
 
 
docs
docs
 
 
examples
examples
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.rst
README.rst
 
 
aristotle.py
aristotle.py
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

Aristotle

Aristotle is a simple Python program that allows for the filtering of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule. It can be run as a standalone script or utilized as a library.

Documentation

https://aristotle-py.readthedocs.io/

Application Overview

Aristotle takes in a ruleset and can provide statistics on the included metadata keys. If a filter string is provided, it will also be applied against the ruleset and the filtered ruleset outputted.

Aristotle is compatible with Python 2.7 and Python 3.x.

In order for Aristotle to be useful, it must be provided a ruleset that has rules with the metadata keyword populated with appropriate key-value pairs. Aristotle assumes that the provided ruleset conforms to the BETTER Schema.

Setup

Install dependencies:

pip install -r requirements.txt

Or if using as a library:

pip install aristotle

And refer to Aristotle as a Library.

Usage

usage: aristotle.py [-h] -r RULES [-f METADATA_FILTER] [--summary]
                    [-o OUTFILE] [-s [STATS [STATS ...]]] [-i] [-q] [-d]

optional arguments:
  -h, --help            show this help message and exit
  -r RULES, --rules RULES, --ruleset RULES
                        path to rules file or string containing the ruleset
                        (default: None)
  -f METADATA_FILTER, --filter METADATA_FILTER
                        Boolean filter string or path to a file containing it
                        (default: None)
  --summary             output a summary of the filtered ruleset to stdout; if
                        an output file is given, the full, filtered ruleset
                        will still be written to it. (default: False)
  -o OUTFILE, --output OUTFILE
                        output file to write filtered ruleset to (default:
                        <stdout>)
  -s [STATS [STATS ...]], --stats [STATS [STATS ...]]
                        display ruleset statistics about specified key(s). If
                        no key(s) supplied, then summary statistics for all
                        keys will be displayed. (default: None)
  -i, --include-disabled
                        include (effectively enable) disabled rules when
                        applying the filter (default: False)
  -q, --quiet, --suppress_warnings
                        quiet; suppress warning logging (default: False)
  -d, --debug           turn on debug logging (default: False)

License

Aristotle is licensed under the Apache License, Version 2.0.

Authors

  • David Wharton

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Python 100.0%