[Oisf-devel] Announcing an IDS/IPS rules parser

Xavier Lange xrlange at gmail.com
Wed Mar 30 21:02:38 UTC 2011


We recently scratched an itch allowing us to take *.rules formatted
files and turn them into an array of hashes -- a simple translation
which makes all the difference when using rule data outside of the
IDS/IPS! The grammar has been tested successfully against the ET
ruleset.

The software is written for Ruby and uses a parsing expression
grammar. It provides easy access to the rule data through a) native
Ruby structures, b) a file converter for *.rules -> *.json. This could
be a good tool for putting rules into your alert database.

Project page with documentation/code:
https://github.com/derdewey/ids_rules_parser

Please feel free to contact me through GitHub if you have further
questions. Patches are welcome!

Xavier
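The rule-file-to-hashes translation the post describes, as an added example that is not part of the original message and not the ids_rules_parser code: it uses a hand-written scanner and a header regex rather than a parsing expression grammar, and the two rules in SAMPLE_RULES are constructed for the example, not taken from the ET ruleset. It handles the parts that usually break naive splitters: semicolons inside quoted msg and pcre values, backslash escapes, repeated option keys, and disabled rules commented out with a leading '#'.

```ruby
require 'json'

# Added example: parse Snort/Suricata-style *.rules text into an array of
# hashes and emit JSON. Not the ids_rules_parser gem; plain stdlib Ruby.
module RulesParser
  HEADER_RE = /\A
    (?<action>alert|log|pass|drop|reject|sdrop)\s+
    (?<proto>\S+)\s+
    (?<src>\S+)\s+(?<src_port>\S+)\s+
    (?<dir>->|<>)\s+
    (?<dst>\S+)\s+(?<dst_port>\S+)\s*
    \((?<opts>.*)\)\s*\z
  /xm

  module_function

  # Split the option body on ';' only when outside a quoted string and not
  # preceded by a backslash (msg and pcre values routinely contain ';').
  def split_options(body)
    opts = []
    cur = +""
    quoted = false
    escaped = false
    body.each_char do |ch|
      if escaped
        cur << ch
        escaped = false
      elsif ch == "\\"
        cur << ch
        escaped = true
      elsif ch == '"'
        quoted = !quoted
        cur << ch
      elsif ch == ";" && !quoted
        opts << cur.strip unless cur.strip.empty?
        cur = +""
      else
        cur << ch
      end
    end
    opts << cur.strip unless cur.strip.empty?
    opts
  end

  # "key:value" / bare "key" -> [key, value]. Keys repeat (content, pcre,
  # reference), so keep an ordered list of pairs, not a hash; drop the
  # surrounding quotes from string values.
  def parse_options(body)
    split_options(body).map do |opt|
      key, value = opt.split(":", 2)
      value = value.strip if value
      value = value[1..-2] if value && value.start_with?('"') && value.end_with?('"')
      [key.strip, value]
    end
  end

  def parse_rule(line)
    m = HEADER_RE.match(line)
    return nil unless m
    opts = parse_options(m[:opts])
    {
      "action" => m[:action], "protocol" => m[:proto],
      "src" => m[:src], "src_port" => m[:src_port], "direction" => m[:dir],
      "dst" => m[:dst], "dst_port" => m[:dst_port],
      "options" => opts.map { |k, v| { "name" => k, "value" => v } },
      "sid" => opts.assoc("sid")&.last&.to_i,
      "msg" => opts.assoc("msg")&.last,
    }
  end

  # Whole-file parse: join backslash continuations, skip blanks and plain
  # comments, keep '#'-prefixed rules as disabled entries.
  def parse(text)
    text.gsub("\\\n", " ").each_line.filter_map do |line|
      line = line.strip
      next if line.empty?
      disabled = false
      if line.start_with?("#")
        stripped = line.sub(/\A#+\s*/, "")
        next unless HEADER_RE.match?(stripped) # ordinary comment
        line = stripped
        disabled = true
      end
      rule = parse_rule(line)
      rule && rule.merge("enabled" => !disabled)
    end
  end

  def rules_to_json(text)
    JSON.pretty_generate(parse(text))
  end
end

# Constructed sample input for the example (not real ET rules).
SAMPLE_RULES = <<~RULES
  # comment line, ignored
  alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE HTTP probe; semicolon in msg"; flow:established,to_server; content:"GET"; pcre:"/^GET\\s+\\/probe;/i"; reference:url,example.invalid/doc; classtype:web-application-activity; sid:9000001; rev:2;)
  #alert udp any any -> any 53 (msg:"EXAMPLE disabled DNS rule"; sid:9000002; rev:1;)
RULES

puts RulesParser.rules_to_json(SAMPLE_RULES) if __FILE__ == $PROGRAM_NAME
```

Run it on a real *.rules file by replacing SAMPLE_RULES with File.read; the "enabled" flag is what lets an alert database tell a rule that fired from one that was merely present but commented out in the ruleset at the time.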
