colander_data_converter.base.types.detection_rule
- class colander_data_converter.base.types.detection_rule.DetectionRuleType
Bases: CommonEntityType
DetectionRuleType represents the metadata for a detection rule type in Colander. See DetectionRuleTypes below for the list of supported types.
Example
>>> detection_rule_type = DetectionRuleTypes.YARA.value
>>> print(detection_rule_type.name)
Yara rule
- Validators: is_supported_type » short_name
- class colander_data_converter.base.types.detection_rule.DetectionRuleTypes(*values)
Bases: Enum
DetectionRuleTypes provides access to all supported detection rule types.
This class loads detection rule type definitions from the detection rule types JSON file and exposes them as an enum. It also provides a method to look up a detection rule type by its short name.
Example
>>> detection_rule_type = DetectionRuleTypes.YARA.value
>>> print(detection_rule_type.name)
Yara rule
>>> default_type = DetectionRuleTypes.by_short_name("nonexistent")
>>> print(default_type.name)
Generic
- GENERIC = GENERIC
Generic - A general or unspecified detection rule type that does not fit other categories.
- SURICATA = SURICATA
Suricata rule - A rule for the Suricata engine to detect network threats and suspicious traffic.
- YARA = YARA
Yara rule - A rule used to identify and classify malware or files based on patterns.
- default = GENERIC
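As an added example (not the colander_data_converter source), here is a stand-alone reimplementation of the pattern both classes above describe: type definitions loaded from JSON (constructed inline here), exposed as an Enum with a default alias, and looked up by short name with the GENERIC fallback the doctest shows. The resolve_types helper is an assumption of this example, not part of the library; it reports which names silently fell back to GENERIC so a conversion can surface them instead of hiding them.

```python
import json
from dataclasses import dataclass
from enum import Enum

# Constructed stand-in for the detection rule types JSON file.
DETECTION_RULE_TYPES_JSON = """[
  {"short_name": "GENERIC",  "name": "Generic",
   "description": "A general or unspecified detection rule type."},
  {"short_name": "SURICATA", "name": "Suricata rule",
   "description": "A rule for the Suricata engine."},
  {"short_name": "YARA",     "name": "Yara rule",
   "description": "A rule used to identify and classify malware or files."}
]"""
_DEFINITIONS = {d["short_name"]: d for d in json.loads(DETECTION_RULE_TYPES_JSON)}


@dataclass(frozen=True)
class DetectionRuleType:
    short_name: str
    name: str
    description: str

    def __post_init__(self):
        # Stands in for the is_supported_type validator on short_name.
        if self.short_name not in _DEFINITIONS:
            raise ValueError(f"unsupported detection rule type: {self.short_name}")


class DetectionRuleTypes(Enum):
    GENERIC = DetectionRuleType(**_DEFINITIONS["GENERIC"])
    SURICATA = DetectionRuleType(**_DEFINITIONS["SURICATA"])
    YARA = DetectionRuleType(**_DEFINITIONS["YARA"])
    default = GENERIC  # alias of GENERIC, as on the page

    @classmethod
    def by_short_name(cls, short_name: str) -> DetectionRuleType:
        """Return the type whose short_name matches, else the default type."""
        for member in cls:  # aliases such as default are not iterated
            if member.value.short_name == short_name:
                return member.value
        return cls.default.value


def resolve_types(short_names):
    """Map short names to types and list the ones that fell back to GENERIC
    (hypothetical helper, added here so a conversion can flag unknown types)."""
    resolved = {s: DetectionRuleTypes.by_short_name(s) for s in short_names}
    fell_back = sorted(s for s, t in resolved.items() if t.short_name != s)
    return resolved, fell_back
```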