suricata-check is a command line utility to provide feedback on Suricata rules.
The tool can detect various issues including those covering syntax validity, interpretability, rule specificity, rule coverage, and efficiency.
- Choose a name for your extension (e.g. `suricata-check-foobar`) and replace `suricata-check-extension-example` by your chosen name in all folder names, file names, and file contents. Similarly, replace `suricata_check_extension_example` by your chosen name with the dashes (-) substituted by underscores (_).
- Rename `suricata_check_extension-example/checkers/example.py` and the class contained therein, and refactor accordingly in that file and in `suricata_check_extension-example/checkers/__init__.py`.
- Similarly, rename `tests/checkers/test_example.py` and adjust the reference to the renamed checker file/class in that file and in `tests/test_suricata_check.py`.
- Implement tests for your checker in `tests/checkers/test_example.py` and implement the checker in `suricata_check_extension-example/checkers/example.py`.
- You can now package, distribute and install the extension like any other Python package. When installed, the extension will be automatically selected by `suricata-check` when run from the command line.
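As an added, self-contained illustration of the kind of checks a checker implements (syntax validity, specificity, efficiency), here is a minimal rule check with constructed diagnostic codes. It is not the project's own code and does not use the suricata-check checker interface, which this page does not show; the header regex and the `E`/`W` codes are assumptions made for the example.

```python
import re
from typing import List, Optional, Tuple

# Constructed diagnostic codes for this illustration (not suricata-check's own codes).
CODES = {
    "E001": "rule does not have the form `action header (options;)`",
    "E002": "rule lacks a sid or rev keyword",
    "W001": "rule has no content or pcre keyword and may match any packet",
    "W002": "pcre is used without a content keyword, so no fast pattern can prefilter it",
}

# Simplified header grammar: one token per field, no bracketed lists containing spaces.
HEADER_RE = re.compile(
    r"^(?P<action>alert|drop|pass|reject)\s+(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<sport>\S+)"
    r"\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*\((?P<options>.*)\)\s*$",
    re.DOTALL,
)


def split_options(options: str) -> List[Tuple[str, Optional[str]]]:
    """Split the option block on ';', ignoring ';' inside quoted values."""
    result, buf, quoted, prev = [], [], False, ""
    for ch in options:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch == ";" and not quoted:
            item = "".join(buf).strip()
            buf = []
            if item:
                name, sep, value = item.partition(":")
                result.append((name.strip(), value.strip() if sep else None))
        else:
            buf.append(ch)
        prev = ch
    tail = "".join(buf).strip()  # flush a final option that has no trailing ';'
    if tail:
        name, sep, value = tail.partition(":")
        result.append((name.strip(), value.strip() if sep else None))
    return result


def check_rule(rule: str) -> List[str]:
    """Return the constructed diagnostic codes that apply to one Suricata rule."""
    m = HEADER_RE.match(rule.strip())
    if m is None:
        return ["E001"]
    names = [name for name, _ in split_options(m.group("options"))]
    issues = []
    if "sid" not in names or "rev" not in names:
        issues.append("E002")
    if "content" not in names and "pcre" not in names:
        issues.append("W001")
    if "pcre" in names and "content" not in names:
        issues.append("W002")
    return issues
```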
If you would like to contribute, please check out CONTRIBUTING.md for some helpful suggestions and instructions.
This project (Extension Example) is licensed under the Apache 2.0 license.