Project

General

Profile

Actions
Copy link

Feature #3721

open

Add iprep compatibility

Added by Michael Schem over 4 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
Michael Schem
Target version:
TBD
Effort:
medium
Difficulty:
medium
Label:

Description

Add the ability to pull down iprep files from the same or different endpoints as rules are pulled down from.

Actions
Copy link
 #1

Updated by Michael Schem over 4 years ago

List of items that need to be accomplished to enable this

  • Add new iprep sources
  • Check to see if iprep is enabled in yaml. Warn if not enabled.
  • Check to see if suricata-update merged list (suricata.list) is in yaml.
  • Download all saved iprep list and source
  • Merge iprep lists
  • Merge categories.txt (or as defined by yaml)
  • Parse iprep rules making sure each line has 3 comma delimited fields
  • Parse iprep rules to make sure category is included in the categories.txt as defined by yaml
  • Parse iprep rules to make sure reputation score is in allowed range 0-127
  • Warn about rep scores at 0 as they will not alert
  • Get free provider to add to default yaml as a source
Actions
Copy link

Also available in: Atom PDF