Add iprep compatibility
Add the ability to pull down iprep files from the same or different endpoints as rules are pulled down from.
Updated by Michael Schem 12 months ago
List of items that need to be accomplished to enable this:
- Add new iprep sources
- Check to see if iprep is enabled in yaml. Warn if not enabled.
- Check to see if suricata-update merged list (suricata.list) is in yaml.
- Download all saved iprep lists and sources
- Merge iprep lists
- Merge categories.txt (or as defined by yaml)
- Parse iprep rules making sure each line has 3 comma-delimited fields
- Parse iprep rules to make sure category is included in the categories.txt as defined by yaml
- Parse iprep rules to make sure reputation score is in allowed range 0-127
- Warn about rep scores at 0 as they will not alert
- Get free provider to add to default yaml as a source
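
The three parsing checks and the score-0 warning from the list above, as an added sketch that is not suricata-update code. The function names and sample data are hypothetical, and it assumes Suricata's `id,short name,description` categories layout and `ip,category id,score` reputation layout, with CIDR entries accepted.

```python
import ipaddress

def load_categories(text):
    """Return {id: short_name}; assumes 'id,short name,description' per line."""
    cats = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            cat_id, name, _desc = (f.strip() for f in line.split(",", 2))
            cats[int(cat_id)] = name
    return cats

def validate_iprep(text, categories):
    """Return (valid, errors, warnings); errors and warnings carry line numbers."""
    valid, errors, warnings = [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            errors.append((n, "expected 3 comma-delimited fields"))
            continue
        addr, cat, score = fields
        try:
            ipaddress.ip_network(addr, strict=False)  # assumption: IP or CIDR
            cat, score = int(cat), int(score)
        except ValueError:
            errors.append((n, "bad address or non-numeric field"))
            continue
        if cat not in categories:
            errors.append((n, "category %d not in categories file" % cat))
        elif not 0 <= score <= 127:
            errors.append((n, "score %d outside 0-127" % score))
        else:
            if score == 0:  # kept in the merged list, but flagged
                warnings.append((n, "score 0 will not alert"))
            valid.append((addr, cat, score))
    return valid, errors, warnings

# Constructed sample input (documentation address ranges, invented categories).
SAMPLE_CATEGORIES = "1,BadHosts,Known bad hosts\n2,Scanners,Hosts seen scanning\n"
SAMPLE_IPREP = ("# constructed list\n192.0.2.10,1,100\n198.51.100.0/24,2,0\n"
                "192.0.2.11,9,50\n192.0.2.12,1,128\n192.0.2.13,1\nnot-an-ip,1,10\n")

if __name__ == "__main__":
    print(validate_iprep(SAMPLE_IPREP, load_categories(SAMPLE_CATEGORIES)))
```

Running the validator after the merge step means a bad line from any one source is reported with its line number in the merged list.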