in ingest_suricata_rules/rules_processor.py [0:0]
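def replace_rule_vars_with_values(ruleset, dropped_ruleset):
    """Disable rules that use undefined rule variables; expand static ones.

    For every rule, the first seven whitespace-separated words of its text
    (intended to cover the rule header) are scanned for words containing
    ``$``. Each such word is reduced to a bare name by removing ``$`` and
    ``!`` and checked against ``AllowedRuleVariables``:

    * name not allowed: the rule text is commented out with a leading
      ``"# "`` and the original rule object is recorded in
      ``dropped_ruleset`` (once per rule);
    * name allowed: every ``StaticRuleVariables`` key found anywhere in the
      rule text is replaced by its value.

    To let more variables through, extend ``AllowedRuleVariables`` and
    define the values they should expand to.

    Args:
        ruleset: Iterable of rule objects; ``str(rule)`` must yield the
            rule text.
        dropped_ruleset: List that receives the rules that were disabled.
            It is extended in place.

    Returns:
        A tuple ``(new_ruleset, dropped_ruleset)``. ``new_ruleset`` holds
        the result of ``parse_rule`` for every input rule, including the
        commented-out ones; ``dropped_ruleset`` is the list passed in.
    """
    new_ruleset = []
    for rule in ruleset:
        rule_str = str(rule)
        # Variables are looked for in the seven-word header window only.
        # NOTE(review): if str(rule) starts with "# " for an already
        # disabled rule, or an address group contains spaces, the window
        # shifts and a later header field is never checked -- confirm.
        header_vars = [word for word in rule_str.split()[:7] if "$" in word]
        disabled = False
        for token in header_vars:
            # Only "$" and "!" are removed, so a grouped token such as
            # "[$A,$B]" never matches the allow-list and the rule is
            # disabled. The check fails closed, but the rule is lost:
            # review dropped_ruleset after each import.
            name = token.replace("$", "").replace("!", "")
            if name not in AllowedRuleVariables:
                if not disabled:
                    # Comment the rule out so that, per the original note,
                    # the parsed rule's enabled attribute ends up False.
                    # Done once per rule: a second undefined variable must
                    # not stack another "# " or add a duplicate entry to
                    # dropped_ruleset.
                    rule_str = "# " + rule_str
                    dropped_ruleset.append(rule)
                    disabled = True
            else:
                # Plain substring replacement over the whole rule text,
                # options included. NOTE(review): a key that is a prefix
                # of another variable name, or that also occurs inside
                # msg/content, would be rewritten too -- confirm the keys
                # in StaticRuleVariables rule that out.
                for key, val in StaticRuleVariables.items():
                    rule_str = rule_str.replace(key, val)
        new_ruleset.append(parse_rule(rule_str))
    return new_ruleset, dropped_ruleset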