3 # Simple script to print a one-line summary of every rule in the OSSEC rules folder
4 # Written Feb 25, 2016 and released under the GNU/GPLv2 license ##
5 # By pedro@wazuh.com @ Wazuh, Inc.
# Root directory that the __main__ block walks recursively; only files whose
# name ends in ".xml" are handed to GetRulesList().
11 rules_directory = "/var/ossec/rules/"
# Print one summary line per rule found in a single OSSEC rules file, in the
# form "<filename> - Rule <id> - Level <level> -> <description>".
#   fulldir  -- path passed to open() to read the rules file
#   filename -- file name that appears as the prefix of each printed line
# NOTE(review): this listing omits source lines (the gutter numbers are not
# contiguous), so the `try:`, the loop that yields `line`, and the assignments
# to rule_detected / rule_description / sidid / level are not visible here.
# The comments below describe only the lines that are shown.
13 def GetRulesList(fulldir, filename):
# Captures the id and level attributes of a <rule ...> opening tag. The tag is
# only recognised when both attributes are on one line, double-quoted, with id
# written first. The ".+" between them is greedy, so it binds to the last
# level=" on the line. A rule tag that does not fit this shape is not matched;
# when using the output as a rule inventory, compare the count with the files.
19 pattern_idlevel = re.compile(r'<rule id="(.+?)".+level="(.+?)"')
# Captures the text of a <description> element whose opening and closing tags
# are on the same line, with at least one character between them.
20 pattern_description = re.compile(r'<description>(.+?)</description>')
# Marks the end of a rule element.
21 pattern_endrule = re.compile(r'</rule>')
# Text-mode read; the with-statement closes the file when the block exits.
23 with open(fulldir) as f:
# rule_detected == 0: presumably "not inside a rule yet" -- TODO confirm against
# the omitted lines. In that state the line is tested for a rule opening tag.
26 if rule_detected == 0:
27 match = re.findall(pattern_idlevel, line)
# rule_description == 0: no description captured so far for the current rule
# (presumed); the line is tested for a one-line <description> element.
33 if rule_description == 0:
34 match = re.findall(pattern_description, line)
# Keep the captured text of the first <description> match on the line.
37 description = match[0]
# With a description in hand, look for the closing </rule> tag.
38 if rule_description == 1:
39 match = re.findall(pattern_endrule, line)
# Python 2 print statement: emits the summary line for the rule just closed.
41 print "%s - Rule %s - Level %s -> %s" % (filename,sidid,level,description)
# EnvironmentError covers IOError and OSError. NOTE(review): the matching `try:`
# is not shown; if it wraps the open() above, any failure to read the file
# (for example a permission error) prints this "directory does not appear to
# exist" message, so the text can misreport the actual cause.
47 except EnvironmentError:
48 print ("Error: OSSEC rules directory does not appear to exist")
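if __name__ == "__main__":
    # Entry point: walk rules_directory recursively and summarise every *.xml
    # rules file through GetRulesList().
    #
    # The whole formatted string is passed to print() so the line behaves the
    # same under the Python 2 print statement and the Python 3 print function.
    print("Reading rules from directory %s" % rules_directory)

    # os.walk() ignores directory-listing errors by default, so a missing rules
    # directory would otherwise produce an empty summary with exit status 0,
    # which is easy to misread as "no rules present". Report it and fail.
    if not os.path.isdir(rules_directory):
        print("Error: OSSEC rules directory does not appear to exist")
        raise SystemExit(1)

    for root, directories, filenames in os.walk(rules_directory):
        for filename in filenames:
            # Only XML files are treated as rule definitions.
            if filename.endswith(".xml"):
                GetRulesList(os.path.join(root, filename), filename)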