[Oisf-devel] Announcing an IDS/IPS rules parser

Xavier Lange xrlange at gmail.com
Wed Mar 30 21:02:38 UTC 2011

We recently scratched an itch allowing us to take *.rules formatted
files and turn them into an array of hashes -- a simple translation
which makes all the difference when using rule data outside of the
IDS/IPS! The grammar has been tested successfully against the ET

The software is written for Ruby and uses a parsing expression
grammar. It provides easy access to the rule data through a) native
Ruby structures, b) a file converter for *.rules -> *.json. This could
be a good tool for putting rules into your alert database.

Project page with documentation/code:

Please feel free to contact me through GitHub if you have further
questions. Patches are welcome!
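
The *.rules -> array of hashes -> JSON translation described in the post, as an added example that is not part of the original message and is not the announced project's code. It uses a regular expression and StringScanner in place of a parsing expression grammar; the names HEADER, parse_options and parse_rules and the sample rules are assumptions made for illustration, and header fields are assumed to contain no spaces.

```ruby
require 'json'
require 'strscan'

# Rule header: [#]action proto src src_port direction dst dst_port (options)
# Assumption: header fields contain no spaces (no "[a, b]" address lists).
HEADER = /\A(?<disabled>\#\s*)?(?<action>alert|drop|pass|reject|log)\s+
          (?<proto>\S+)\s+(?<src>\S+)\s+(?<src_port>\S+)\s+(?<direction>->|<>)\s+
          (?<dst>\S+)\s+(?<dst_port>\S+)\s+\((?<options>.*)\)\s*\z/x

# Split the option body into ordered name/value pairs. Order and repeats are
# kept because options such as content may occur several times in one rule.
def parse_options(text)
  scanner = StringScanner.new(text)
  options = []
  until scanner.eos?
    scanner.skip(/\s+/)
    break if scanner.eos?
    name = scanner.scan(/[\w.]+/) or raise ArgumentError, "bad option at #{scanner.pos}"
    value = nil
    if scanner.skip(/\s*:\s*/)
      # A value ends at the first ';' that is neither quoted nor escaped.
      value = scanner.scan(/(?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])*/).strip
    end
    scanner.skip(/\s*;/) or raise ArgumentError, "missing ';' after #{name}"
    options << { 'name' => name, 'value' => value }
  end
  options
end

# Turn *.rules text into an array of hashes; comments and blanks are skipped,
# commented-out rules are kept with 'enabled' => false.
def parse_rules(text)
  text.each_line.map do |line|
    m = HEADER.match(line.strip) or next
    rule = { 'enabled' => m[:disabled].nil? }
    %w[action proto src src_port direction dst dst_port].each { |k| rule[k] = m[k] }
    rule.merge('options' => parse_options(m[:options]))
  end.compact
end

# Constructed sample input, not taken from any published ruleset.
SAMPLE_RULES = <<~'RULES'
  # plain comment line
  alert tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"EXAMPLE rule; with semicolon"; flow:established,to_server; content:"GET"; nocase; sid:1000001; rev:1;)
  #alert udp any any -> any 53 (msg:"EXAMPLE disabled rule"; sid:1000002; rev:2;)
RULES

puts JSON.pretty_generate(parse_rules(SAMPLE_RULES)) if $PROGRAM_NAME == __FILE__
```

Option values are kept verbatim, quotes included, so the JSON can be mapped back to the rule text without loss.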

