Diffstat (limited to 'samples/services/snort_ids/docker/grpc/snort_client.py')
-rw-r--r-- | samples/services/snort_ids/docker/grpc/snort_client.py | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/samples/services/snort_ids/docker/grpc/snort_client.py b/samples/services/snort_ids/docker/grpc/snort_client.py
index d59b4ee..ca71af8 100644
--- a/samples/services/snort_ids/docker/grpc/snort_client.py
+++ b/samples/services/snort_ids/docker/grpc/snort_client.py
@@ -30,6 +30,8 @@ def run(args, grpc_port='50052'):
         return add_tcprule(stub)
     elif args['cmd'] == 'addicmp':
         return add_icmprule(stub)
+    elif args['cmd'] == 'addscan':
+        return add_scanrule(stub)
     elif args['cmd'] == 'start':
         return start_snort(stub)
     elif args['cmd'] == 'stop':
@@ -78,6 +80,20 @@ def add_icmprule(stub):
     return response.message
 
+def add_scanrule(stub):
+    try:
+        response = stub.AddRules(snort_pb2.AddRule(
+            protocol='tcp', dest_port='any', dest_ip='$HOME_NET',
+            src_port='any', src_ip='any',
+            msg='MALWARE-CNC User-Agent ASafaWeb Scan', sid='10000003',
+            rev='001', content='"asafaweb.com"'))
+        print(stop_snort(stub))
+        print(start_snort(stub))
+    except Exception as e:
+        return e
+    return response.message
+
+
 
 def start_snort(stub):
     try:
         response = stub.StartSnort(snort_pb2.ControlSnort(pid='0'))
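Review bot: In the new add_scanrule, `except Exception as e: return e` hands the exception object back through run() in place of the response message, so a failed AddRules or a failed Snort restart is indistinguishable from success to the caller and the error is never logged; at minimum return an explicit failure string, `return f'add_scanrule failed: {e!r}'`, or let the gRPC error propagate so the CLI exits non-zero. The two `print(stop_snort(stub))` / `print(start_snort(stub))` calls also sit inside the same try, so the function can return `response.message` reporting the rule as added while the sensor is actually left stopped; checking the restart result before returning would close that gap. The sid is hard-coded to `'10000003'` and Snort rejects duplicate sids at load time, so it is worth a comment or a module-level constant stating that each add_*rule helper owns a distinct local sid (whether addtcp/addicmp use 10000001/10000002 is not visible in this hunk). The surrounding add_icmprule and start_snort bodies appear to use the same try/except shape and are only partly shown here.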