[Oisf-devel] Announcing an IDS/IPS rules parser
Xavier Lange
xrlange at gmail.com
Wed Mar 30 21:02:38 UTC 2011
We recently scratched an itch allowing us to take *.rules formatted
files and turn them into an array of hashes -- a simple translation
which makes all the difference when using rule data outside of the
IDS/IPS! The grammar has been tested successfully against the ET
ruleset.
The software is written for Ruby and uses a parsing expression
grammar. It provides easy access to the rule data through a) native
ruby structures, b) a file convertor for *.rules -> *.json. This could
be a good tool for putting rules in to your alert database.
Project page with documentation/code:
https://github.com/derdewey/ids_rules_parser
Please feel free to contact me though github if you have further
questions. Patches are welcome!
Xavier
More information about the Oisf-devel
mailing list