-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature request: extract ruleset when parsing #42
Comments
I'm not to sure about this one. I don't like to make guesses or assumptions. Do you have an example use case in mind? If using the parser as a library in your own tool, I think its easy enough to add something like this post-parsing, but I don't think its deterministic enough to bake in. |
This was referenced Mar 21, 2017
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
Rule
object has noruleset
attribute.Examples:
is from ET ruleset
is from SNORT GPL
Usually the ruleset is the first word in the
Rule.msg
attribute, so it should not be difficult to extract. If someone does not use this convention it should be possible to opt-out this parsing function, maybe letting the parser get this value as an optional argument.The text was updated successfully, but these errors were encountered: