Aristotle as a Module

If the module is installed, Aristotle can be invoked from the command line and run like a script, e.g.:

python3 -m aristotle -r examples/example.rules --stats

Of course, Aristotle can be imported and used like a normal module:

import aristotle

For logging and/or output, attach to the logger named aristotle and add desired Handler(s), e.g.:

logger = logging.getLogger("aristotle")
logger.addHandler(logging.StreamHandler())

To use, create a Ruleset object and pass it a string containing the ruleset or a filename of a ruleset, along with a filter string. Then call the Ruleset object’s filter_ruleset() function to get a list of SIDs matching the filter string.

Example:

import aristotle

a = aristotle.Ruleset("examples/example.rules")
a.set_metadata_filter("examples/example1.filter")
sids = a.filter_ruleset()

Ruleset class and functions:

class aristotle.Ruleset(rules, metadata_filter=None, include_disabled_rules=False, summary_max=16)[source]

Class for ruleset data structures, filter string, and ruleset operations.

Parameters:
  • rules (string, required) – a string containing a ruleset or a filename of a ruleset file
  • metadata_filter (string, optional) – A string or a filename of a file that defines the desired outcome based on Boolean logic, and uses the metadata key-value pairs as values in the Boolean algebra. Defaults to None (can be set later with set_metadata_filter()).
  • include_disabled_rules (boolean) – effectively enable all commented out rules when dealing with the ruleset, defaults to False
  • summary_max (int, optional) – the maximum number of rules to print when outputting summary/truncated filtered ruleset, defaults to 16.
Raises:

AristotleException
filter_ruleset(metadata_filter=None)[source]

Applies boolean filter against the ruleset and returns list of matching SIDs.

Parameters:metadata_filter (string, optional) – A string that defines the desired outcome based on Boolean logic, and uses the metadata key-value pairs as values in the Boolean algebra. Defaults to self.metadata_filter which must be set if this parameter is not set.
Returns:list of matching SIDs
Return type:list
Raises:AristotleException
get_all_sids()[source]

Returns a list of all enabled SIDs.

Note

If self.include_disabled_rules is True, then all SIDs are returned.

Returns:list of all enabled SIDs.
Return type:list
get_stats(key, keyonly=False)[source]

Returns string of statistics (total, enabled, disabled) for specified key and its values.

Parameters:
  • key (string, required) – key to print statistics for
  • keyonly (boolean, optional) – only print stats for the key itself and not stats for all possible key-value pairs, defaults to False
Returns:

string contaning stats, suitable for printing to stdout
Return type:

string
Raises:

AristotleException
output_rules(sid_list, outfile=None)[source]

Output rules, given a list of SIDs.

Parameters:
  • sid_list (list, required) – list of SIDs of the rules to output
  • outfile (string or None, optional) – filename to output to; if None, output to stdout; defaults to None
Returns:

None
Return type:

NoneType
Raises:

AristotleException
print_header()[source]

Prints vanity header and global stats.

print_ruleset_summary(sids)[source]

Prints summary/truncated filtered ruleset to stdout.

Parameters:sids (list, required) – list of SIDs.
Raises:AristotleException
print_stats(key, keyonly=False)[source]

Print statistics (total, enabled, disabled) for specified key and its values.

Parameters:
  • key (string, required) – key to print statistics for
  • keyonly (boolean, optional) – only print stats for the key itself and not stats for all possible key-value pairs, defaults to False
set_metadata_filter(metadata_filter)[source]

Sets the metadata filter to use.

Parameters:metadata_filter (string, required) – A string or a filename of a file that defines the desired outcome based on Boolean logic, and uses the metadata key-value pairs as values in the Boolean algebra.
Raises:AristotleException