Project: threshold

No commit activity in last 3 years
No release in over 3 years
There's a lot of open issues
An ORM to map to Snort 2.9.x threshold.conf files
Dependencies

Development

Runtime

~> 0.11.0
~> 1.0

Project Readme

snort-thresholds

Join the chat at https://gitter.im/shadowbq/snort-thresholds

Threshold is an ORM to map to Snort 2.9.x threshold.conf files.

It currently supports all standalone snort filters generally found in a threshold configuration. These include suppressions, event_filters, and rate_filters as defined in Snort README.filters.

Code Status


Stable (travis-ci passing) tags are released as gems, but are NOT marked as stable-0.1.0 or the like.

Installation

$> gem install threshold

Usage

This is an example of Threshold accessing /tmp/threshold.conf: loading it, appending a new suppression, validating the configuration, and writing the changes back to the file (flush).

2.1.2 :001 > require 'threshold'
 => true 
2.1.2 :002 > a = Threshold::Thresholds.new
 => [] 
2.1.2 :003 > a.file = '/tmp/threshold.conf'
 => "/tmp/threshold.conf" 
2.1.2 :004 > a.loadfile
 => [{"SUPPRESSION"=>["suppress gen_id 1, sig_id 2"], "GID"=>["1", nil, nil], "SID"=>["2", nil, nil]}, {"SUPPRESSION"=>["suppress gen_id 444, sig_id 2"], "GID"=>["444", nil, nil], "SID"=>["2", nil, nil]}] 
2.1.2 :005 > a.valid?
 => true 
2.1.2 :006 > b = Threshold::Suppression.new
 => #<Threshold::Suppression:0x00000002a576f0> 
2.1.2 :007 > b.gid=124
 => 124 
2.1.2 :008 > b.sid=45544
 => 45544 
2.1.2 :009 > a << b
 => [#<Threshold::Suppression:0x00000002a87b98 @gid=1, @sid=2>, #<Threshold::Suppression:0x00000002a846c8 @gid=444, @sid=2>, #<Threshold::Suppression:0x00000002a576f0 @gid=124, @sid=45544>] 
2.1.2 :010 > a.flush
 => true 

Filtering the Threshold::Thresholds object can be achieved with common Array-like methods (e.g. reject):

require 'threshold'
a = Threshold::Thresholds.new
a.file = '/tmp/threshold.conf'
a.loadfile
a = a.reject{|t| t.gid==1}   # drop every filter whose generator id is 1
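The load / append / validate / flush workflow shown in the transcript above, the Array-style filtering just demonstrated, and the three standalone filter types listed earlier (suppressions, event_filters, rate_filters from Snort README.filters) are all exercised by the following added example. It is not the threshold gem's own code: it is a self-contained parser, validator and serializer for Snort 2.9.x threshold.conf lines that runs without the gem installed. The module and method names (ThresholdConfDemo, parse_line, valid?, dump, demo) are hypothetical, and the sample configuration is constructed; the gem's real interface is the Threshold::Thresholds / Threshold::Suppression API shown in the transcript.

```ruby
# Added example, not the threshold gem's code: a minimal parser, validator and
# serializer for Snort 2.9.x threshold.conf lines. All names are hypothetical.
module ThresholdConfDemo
  Suppression = Struct.new(:gid, :sid, :track, :ip)
  EventFilter = Struct.new(:gid, :sid, :type, :track, :count, :seconds)
  RateFilter  = Struct.new(:gid, :sid, :track, :count, :seconds,
                           :new_action, :timeout, :apply_to)

  TRACKS  = %w[by_src by_dst].freeze
  TYPES   = %w[limit threshold both].freeze             # event_filter types
  ACTIONS = %w[alert drop pass log sdrop reject].freeze # rate_filter new_action

  # "gen_id 1, sig_id 2, ip [10.1.1.0/24,10.1.2.0/24]" -> Hash; commas inside
  # a bracketed ip list are kept, numeric values become Integers.
  def self.kv(body)
    body.scan(/(\w+)\s+(\[[^\]]*\]|[^,]+)/).each_with_object({}) do |(k, v), h|
      v = v.strip
      h[k] = v =~ /\A\d+\z/ ? v.to_i : v
    end
  end

  # One conf line -> filter struct, nil for blank/comment lines.
  def self.parse_line(line)
    line = line.sub(/#.*/, '').strip
    return nil if line.empty?
    keyword, body = line.split(/\s+/, 2)
    f = kv(body.to_s)
    gid, sid = f['gen_id'], f['sig_id']
    case keyword
    when 'suppress'
      Suppression.new(gid, sid, f['track'], f['ip'])
    when 'event_filter', 'threshold' # 'threshold' is the older spelling
      EventFilter.new(gid, sid, f['type'], f['track'], f['count'], f['seconds'])
    when 'rate_filter'
      RateFilter.new(gid, sid, f['track'], f['count'], f['seconds'],
                     f['new_action'], f['timeout'], f['apply_to'])
    else
      raise ArgumentError, "unknown filter keyword: #{keyword.inspect}"
    end
  end

  def self.parse(text)
    text.lines.map { |l| parse_line(l) }.compact
  end

  # Structural validity checks, the kind a valid? call is expected to make.
  def self.valid?(e)
    ok = e.gid.is_a?(Integer) && e.sid.is_a?(Integer)
    case e
    when Suppression   # track and ip must be given together or not at all
      ok && (e.track.nil? ? e.ip.nil? : (TRACKS.include?(e.track) && !e.ip.nil?))
    when EventFilter
      ok && TYPES.include?(e.type) && TRACKS.include?(e.track) &&
        e.count.is_a?(Integer) && e.seconds.is_a?(Integer) && e.seconds > 0
    when RateFilter
      ok && (TRACKS + ['by_rule']).include?(e.track) &&
        ACTIONS.include?(e.new_action) &&
        [e.count, e.seconds, e.timeout].all? { |v| v.is_a?(Integer) }
    else
      false
    end
  end

  # Filter struct -> conf line (inverse of parse_line).
  def self.to_line(e)
    case e
    when Suppression
      s = "suppress gen_id #{e.gid}, sig_id #{e.sid}"
      s += ", track #{e.track}, ip #{e.ip}" if e.track
      s
    when EventFilter
      "event_filter gen_id #{e.gid}, sig_id #{e.sid}, type #{e.type}, " \
        "track #{e.track}, count #{e.count}, seconds #{e.seconds}"
    when RateFilter
      s = "rate_filter gen_id #{e.gid}, sig_id #{e.sid}, track #{e.track}, " \
          "count #{e.count}, seconds #{e.seconds}, new_action #{e.new_action}, " \
          "timeout #{e.timeout}"
      s += ", apply_to #{e.apply_to}" if e.apply_to
      s
    end
  end

  def self.dump(entries)
    entries.map { |e| to_line(e) }.join("\n") + "\n"
  end

  # Constructed sample file contents (not taken from any real deployment).
  SAMPLE_CONF = <<~CONF
    # constructed sample threshold.conf
    suppress gen_id 1, sig_id 2
    suppress gen_id 444, sig_id 2, track by_src, ip [10.1.1.0/24,10.1.2.0/24]
    event_filter gen_id 1, sig_id 1851, type limit, track by_src, count 1, seconds 60
    rate_filter gen_id 135, sig_id 1, track by_src, count 100, seconds 1, new_action drop, timeout 10
  CONF

  # Mirrors the README workflow: load, append a suppression, validate,
  # filter with reject, and produce the text that flush would write back.
  def self.demo
    entries = parse(SAMPLE_CONF)
    entries << Suppression.new(124, 45544)
    raise 'invalid threshold.conf' unless entries.all? { |e| valid?(e) }
    kept = entries.reject { |e| e.gid == 1 }
    { loaded: entries.size, kept: kept.size, conf: dump(kept) }
  end
end

puts ThresholdConfDemo.demo[:conf] if $PROGRAM_NAME == __FILE__
```

The validator deliberately rejects a suppress line that names a track without an ip list (or vice versa) and an event_filter with an unknown type, since Snort refuses such files at start-up; catching that before flush is the point of calling valid? before writing the configuration back.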

Contributing

Credits