I started writing SA rules about a year ago. Although I am new to this
list, I have been lurking for quite a while. I would like to thank Kevin
McGrail and others for providing rules and tips that inspires me to
write my own custom rules.
Today I wrote a little tool that helps me test my SA rules. I was using
Rubular.com to check one pattern at a time which was very tedious. With
my new tool, I can paste my entire rule.cf file (or just a one rule) and
check against any test string to see which rules hit. (operates like a
multi-line version of Rubular)
I hope some of you find this tool useful. I wrote it because I couldn't
find another one like it in google. If there is something better at
testing SA rules like this, please let me know so I don't waste any
further development efforts. If it is useful, ideas and suggestions will
be heartily appreciated.
www.satester.com
It's a one page site created in one day, so it doesn't look like much
right now. We might style it better later on. There is no database and
we save nothing entered into the site. It ignores meta, score, and
describe at this time (any line without regex in it) Simply paste in a
rule and enter some sample text and it automatically highlights the
hits.
I notice a couple of bugs already. I've seen an odd rule hit on one of
our span tags used for highlighting sample results. Also I need to add
mimeheader to the list of lines that contain regex to be checked (along
with header, body, rawbody, etc.)
Hope you enjoy!
Allen Marsalis
President, Bandwise LLC
am -at- satester dot com
