doc/userguide: add more operators to iprep

author Victor Julien <vjulien@oisf.net>

Thu, 6 Jun 2024 15:38:34 +0000 (17:38 +0200)

committer Victor Julien <victor@inliniac.net>

Sat, 15 Jun 2024 13:43:28 +0000 (15:43 +0200)
author Victor Julien <vjulien@oisf.net>
Thu, 6 Jun 2024 15:38:34 +0000 (17:38 +0200)
committer Victor Julien <victor@inliniac.net>
Sat, 15 Jun 2024 13:43:28 +0000 (15:43 +0200)
diff --git a/doc/userguide/rules/ip-reputation-rules.rst b/doc/userguide/rules/ip-reputation-rules.rst

index 730a4f11a92db4632f7f2e3960b3162a0b0bca43..19ee033e1b080ccd645ebccbab285fe082bc1561 100644 (file)
--- a/doc/userguide/rules/ip-reputation-rules.rst
+++ b/doc/userguide/rules/ip-reputation-rules.rst
@@ -17,17 +17,16 @@ The iprep directive matches on the IP reputation information for a host.
  
  side to check: <any|src|dst|both>
  
-category: the category short name
+``category``: the category short name
  
-operator: <, >, =
+``operator``: <, <=, >, >=, =
  
-reputation score: 0-127
+``reputation score``: 0-127
  
  Example:
  
  ::
  
-
    alert ip $HOME_NET any -> any any (msg:"IPREP internal host talking to CnC server"; flow:to_server; iprep:dst,CnC,>,30; sid:1; rev:1;)
  
  This rule will alert when a system in $HOME_NET acts as a client while communicating with any IP in the CnC category that has a reputation score set to greater than 30.
author	Victor Julien <vjulien@oisf.net>
	Thu, 6 Jun 2024 15:38:34 +0000 (17:38 +0200)
committer	Victor Julien <victor@inliniac.net>
	Sat, 15 Jun 2024 13:43:28 +0000 (15:43 +0200)