From: Victor Julien Date: Thu, 6 Jun 2024 15:38:34 +0000 (+0200) Subject: doc/userguide: add more operators to iprep X-Git-Tag: suricata-8.0.0-beta1~1170 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f74d435d369eaf6b8ef01565f6c8afd8743f216;p=thirdparty%2Fsuricata.git doc/userguide: add more operators to iprep --- diff --git a/doc/userguide/rules/ip-reputation-rules.rst b/doc/userguide/rules/ip-reputation-rules.rst index 730a4f11a9..19ee033e1b 100644 --- a/doc/userguide/rules/ip-reputation-rules.rst +++ b/doc/userguide/rules/ip-reputation-rules.rst @@ -17,17 +17,16 @@ The iprep directive matches on the IP reputation information for a host. side to check: -category: the category short name +``category``: the category short name -operator: <, >, = +``operator``: <, <=, >, >=, = -reputation score: 0-127 +``reputation score``: 0-127 Example: :: - alert ip $HOME_NET any -> any any (msg:"IPREP internal host talking to CnC server"; flow:to_server; iprep:dst,CnC,>,30; sid:1; rev:1;) This rule will alert when a system in $HOME_NET acts as a client while communicating with any IP in the CnC category that has a reputation score set to greater than 30.
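Review bot: the ``operator`` line now lists `<=` and `>=`, but the example rule and the sentence that follows it still only cover `>` ("greater than 30"), so the guide never shows how the inclusive forms differ at the boundary. Consider adding one sentence or a second example, for instance that `iprep:dst,CnC,>=,30` also matches a score of exactly 30 while `iprep:dst,CnC,>,30` does not. Two style points in the same hunk: the unchanged "side to check:" label keeps its plain formatting while ``category``, ``operator`` and ``reputation score`` become literals, so the field list is now inconsistent; and the operator values themselves are still bare text, where literals such as ``<=`` would match the new markup. If the added operators are only accepted from a particular release onward, a version note next to the list would spare users on older versions a rule-load error.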