Add iprep compatibility
Add the ability to pull down iprep files from the same or different endpoints as rules are pulled down from.
Updated by Michael Schem about 2 years ago
List of items that need to be accomplished to enable this
- Add new iprep sources
- Check to see if iprep is enabled in yaml. Warn if not enabled.
- Check to see if suricata-update merged list (suricata.list) is in yaml.
- Download all saved iprep list and source
- Merge iprep lists
- Merge categories.txt (or as defined by yaml)
- Parse iprep rules making sure each line has 3 comma delimited fields
- Parse iprep rules to make sure category is included in the categories.txt as defined by yaml
- Parse iprep rules to make sure reputation score is in allowed range 0-127
- Warn about rep scores at 0 as they will not alert
- Get free provider to add to default yaml as a source