Aristotle Documentation

Summary

Aristotle is a simple yet powerful Python program that enables the filtering and manipulation of Suricata and Snort rulesets based on explicit and induced metadata for each rule. It can be thought of as a “Swiss Army Knife” to enable, disable, augment, curate, and tune rulesets so they can be optimized for particular environments, resulting in enhanced alert outputs and a reduction in false positives. Aristotle can be run as a standalone script or used as a Python module.
