in ingest_suricata_rules/convert_ids_ips.py [0:0]
def convert_ids_ips(ruleset):
    """Return a new list in which every ``alert`` rule is rewritten as ``drop``.

    Rules whose action is anything other than ``alert`` are passed through
    as the same objects, in their original order. Each ``alert`` rule is
    rendered with ``str()``, has its first "alert" substring replaced by
    "drop", and is re-parsed with ``parse_rule``.

    The ruleset is assumed to have already been processed by the
    ANFSuricataRulesProcessor lambda and to contain only rules compatible
    with ANF; no validation is performed here.
    """
    converted = []
    for entry in ruleset:
        if entry.action != "alert":
            # Non-alert rules are kept as-is (same object, not a copy).
            converted.append(entry)
            continue

        # Only the first "alert" in the rendered rule is rewritten, so later
        # occurrences (e.g. inside msg text) are left alone.
        # NOTE(review): assumes the action keyword is the first "alert" in
        # str(rule) -- confirm nothing containing "alert" can precede it.
        drop_text = str(entry).replace("alert", "drop", 1)

        # NOTE(review): the parse result is appended unchecked. If parse_rule
        # can return None for text it cannot parse, a detection rule would be
        # silently replaced by None here -- confirm and handle at the caller.
        converted.append(parse_rule(drop_text))
    return converted