Metadata-Version: 2.1
Name: aristotle
Version: 1.0.5
Summary: Script and library for the viewing and filtering of Suricata and Snort rulesets based on interpreted key-value pairs present in the metadata keyword within each rule.
Home-page: https://github.com/secureworks/aristotle
Author: David Wharton
License: UNKNOWN
Project-URL: Documentation, https://aristotle-py.readthedocs.io/
Project-URL: Source, https://github.com/secureworks/aristotle
Description: =========
        Aristotle
        =========
        
        Aristotle is a simple Python program that allows for the filtering of
        Suricata and Snort rulesets based on interpreted key-value pairs present
        in the metadata keyword within each rule. It can be run as a standalone
        script or utilized as a module.
        
        Documentation
        =============
        
        `<https://aristotle-py.readthedocs.io/>`__
        
        Application Overview
        ====================
        
        Aristotle takes in a ruleset and can provide statistics on the included
        metadata keys. If a filter string is provided, it is also applied
        against the ruleset and the filtered ruleset is output.
        
        Aristotle is compatible with Python 2.7 and Python 3.x.
        
        +------------------------------------------------------------------------------------+
        | In order for Aristotle to be useful, it must be provided a ruleset that            |
        | has rules with the metadata keyword populated with appropriate key-value           |
        | pairs. Aristotle assumes that the provided ruleset conforms to the                 |
        | `BETTER Schema <https://better-schema.readthedocs.io/>`__.                         |
        +------------------------------------------------------------------------------------+
        
        Setup
        =====
        
        Install dependencies:
        
        ``pip install -r requirements.txt``
        
        Or if using as a module:
        
        ``pip install aristotle``
        
        Then refer to `Aristotle as a Module <https://aristotle-py.readthedocs.io/en/latest/module.html>`__.
        
        Usage
        =====
        
        .. code:: text
        
          usage: aristotle.py [-h] -r RULES [-f METADATA_FILTER] [--summary]
                              [-o OUTFILE] [-s [STATS [STATS ...]]] [-i] [-q] [-d]
        
          optional arguments:
            -h, --help            show this help message and exit
            -r RULES, --rules RULES, --ruleset RULES
                                  path to rules file or string containing the ruleset
                                  (default: None)
            -f METADATA_FILTER, --filter METADATA_FILTER
                                  Boolean filter string or path to a file containing it
                                  (default: None)
            --summary             output a summary of the filtered ruleset to stdout; if
                                  an output file is given, the full, filtered ruleset
                                  will still be written to it. (default: False)
            -o OUTFILE, --output OUTFILE
                                  output file to write filtered ruleset to (default:
                                  <stdout>)
            -s [STATS [STATS ...]], --stats [STATS [STATS ...]]
                                  display ruleset statistics about specified key(s). If
                                  no key(s) supplied, then summary statistics for all
                                  keys will be displayed. (default: None)
            -i, --include-disabled
                                  include (effectively enable) disabled rules when
                                  applying the filter (default: False)
            -q, --quiet, --suppress_warnings
                                  quiet; suppress warning logging (default: False)
            -d, --debug           turn on debug logging (default: False)
        
        License
        =======
        
        Aristotle is licensed under the `Apache License, Version 2.0 <https://github.com/secureworks/aristotle/blob/master/LICENSE>`__.
        
        Authors
        =======
        
        -  David Wharton
        
Keywords: suricata,snort,metadata,ruleset,BETTER,IDS,IPS,signatures
Platform: UNKNOWN
Classifier: Development Status :: 5 - Production/Stable
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Developers
Classifier: Topic :: System :: Networking :: Monitoring
Classifier: Topic :: System :: Networking :: Firewalls
Requires-Python: >=2.7
Description-Content-Type: text/x-rst

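The per-key statistics and key-value selection described under Application Overview, as an added example that is not Aristotle's own code or API: it parses the ``metadata`` keyword of each rule into key-value pairs, counts values per key, and selects rules by one pair, skipping disabled rules unless asked (the behaviour the ``-i`` option describes). The sample rules, the function names and the lowercasing of keys and values are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
# Constructed sample ruleset (not from the Aristotle project); sid 1000003 is disabled.
RULES = '''\
alert http any any -> any any (msg:"Constructed rule A"; content:"a"; metadata:protocols http, priority high, cve 2019-0001; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"Constructed rule B"; content:"b"; metadata:protocols smtp, protocols tcp, priority low; sid:1000002; rev:1;)
# alert http any any -> any any (msg:"Constructed rule C"; content:"c"; metadata:protocols http, priority high; sid:1000003; rev:2;)
alert udp any any -> any any (msg:"Constructed rule D, no metadata"; content:"d"; sid:1000004; rev:1;)
'''

RULE_RE = re.compile(r'^(?P<off>#\s*)?(?:alert|drop|pass|reject|log)\s.*\(.*\)\s*$')
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')
SID_RE = re.compile(r'[;(\s]sid\s*:\s*(\d+)\s*;')
META_RE = re.compile(r'[;(\s]metadata\s*:\s*([^;]*);')

def parse_ruleset(text):
    """Return {sid: {"enabled": bool, "metadata": {key: set(values)}}}."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        body = QUOTED_RE.sub('""', line)  # blank quoted strings so msg text cannot look like an option
        sid = SID_RE.search(body)
        if not (m and sid):
            continue
        meta = defaultdict(set)
        for block in META_RE.findall(body):  # a rule may carry more than one metadata keyword
            for pair in block.split(','):
                key, _, value = pair.strip().partition(' ')
                if key and value.strip():
                    meta[key.lower()].add(value.strip().lower())
        rules[int(sid.group(1))] = {"enabled": m.group('off') is None, "metadata": dict(meta)}
    return rules

def key_stats(rules, key, include_disabled=False):
    """Count rules per value of one metadata key (a key may repeat within a rule)."""
    counts = Counter()
    for rule in rules.values():
        if rule["enabled"] or include_disabled:
            counts.update(rule["metadata"].get(key, ()))
    return counts

def select(rules, key, value, include_disabled=False):
    """Sorted SIDs of rules whose metadata contains the given key-value pair."""
    return sorted(sid for sid, r in rules.items()
                  if (r["enabled"] or include_disabled) and value in r["metadata"].get(key, ()))

if __name__ == "__main__":
    parsed = parse_ruleset(RULES)
    print(dict(key_stats(parsed, "protocols")), select(parsed, "priority", "high", include_disabled=True))
```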