google / gonids

gonids is a library to parse IDS rules, with a focus primarily on Suricata rule compatibility. There is a discussion forum available that you can join on Google Groups: https://groups.google.com/forum/#!topic/gonids/
Apache License 2.0

Fix issues with parsing of raw network and port definitions. #166

Closed duanehoward closed 3 years ago

duanehoward commented 3 years ago

Address most of the network parsing issues on the ET OPEN ruleset. This leaves one known issue around the validity of port value 0. We currently consider this invalid, but it's used infrequently in the ET OPEN ruleset and needs consideration.

duanehoward commented 3 years ago

Fixes #165