Suricata and Python integration

Is there any API or Python lib for Suricata? I’m building an application with PyQt/PySide which can manage Suricata rules and log analysis.

Have you examined suricatasc yet? It’s in our GitHub repo within the python subdirectory and can be used to manage some aspects of Suricata’s lifecycle – rule reload, etc.

Suricatasc documentation

Thanks, but suricatasc didn’t have the function I want. Are there any tools to help you configure suricata.yaml? I’m trying to make an application with a GUI to let users control the YAML without manually going to the YAML itself.

What sort of functions are you after? Suricata itself doesn’t provide any functionality to help with the editing of suricata.yaml, that is something you’ll have to take care of yourself. It is YAML, so you can use the Python yaml module to parse it.

Suricata can then be used to test the configuration you output with the -T command line module, this is what Suricata-Update does to test new rules, but it also tests the suricata.yaml as well. Suricata-Update is written in Python as well, and integrates with Suricata just using the subprocess module.
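The workflow described in the reply above (parse suricata.yaml with the Python yaml module, then test the result with `suricata -T` through subprocess), as an added example that is not code from this thread or from the Suricata project. `set_option`, `apply_change` and the `suricata_bin` parameter are hypothetical names, PyYAML is assumed to be installed, and only mapping-style keys are handled.

```python
import os
import shutil
import subprocess
import tempfile

import yaml  # PyYAML

HEADER = "%YAML 1.1\n---\n"  # the stock suricata.yaml begins with these two lines


def set_option(config, dotted_key, value):
    """Set a nested mapping key, e.g. 'vars.address-groups.HOME_NET'."""
    node = config
    *parents, leaf = dotted_key.split(".")
    for part in parents:
        node = node.setdefault(part, {})
    node[leaf] = value
    return config


def apply_change(config_path, dotted_key, value, suricata_bin="suricata"):
    """Change one setting and install it only if `suricata -T` accepts it.

    Returns (ok, output); on failure the live file is left untouched.
    """
    with open(config_path, encoding="utf-8") as fh:
        config = yaml.safe_load(fh)  # safe_load never builds arbitrary objects
    set_option(config, dotted_key, value)
    # PyYAML does not keep comments or the original layout when dumping.
    text = HEADER + yaml.safe_dump(config, default_flow_style=False, sort_keys=False)

    # Write the candidate beside the live file so os.replace() is atomic.
    live_dir = os.path.dirname(os.path.abspath(config_path))
    fd, candidate = tempfile.mkstemp(suffix=".yaml", dir=live_dir)
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
        # Argument list, no shell: GUI-supplied values never reach a shell parser.
        proc = subprocess.run([suricata_bin, "-T", "-c", candidate],
                              capture_output=True, text=True)
        if proc.returncode == 0:
            shutil.copymode(config_path, candidate)  # keep the live file's mode
            os.replace(candidate, config_path)
        return proc.returncode == 0, proc.stdout + proc.stderr
    finally:
        if os.path.exists(candidate):  # rejected candidates are cleaned up
            os.remove(candidate)
```

A GUI can show the returned output to the user when the test fails, since it carries Suricata's own error text.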