[Oisf-users] How do I use suricata iprep?

Stanford Prescott stan.prescott at gmail.com
Mon May 29 18:06:14 UTC 2017


I asked this question a few days ago but haven't gotten a response, so I
will try again.

I am trying to figure out how to use the iprep feature with Suricata. I
have used the reputation IP blacklists with Snort that Talos Intelligence
provides. But the iprep feature of Suricata seems to work differently
according to the documentation I have been reading.

There is a "categories.txt" file in the suricata.yaml configuration. From
where do I get the categories.txt file?

For the "reputation.list" file in the iprep config, is this a file to which
I would add the IPs from a public service like the Talos Intelligence IP
blacklist?