[Oisf-users] iprep rules / configuration
Andreas Herz
aherz at oisf.net
Thu Dec 19 20:33:05 UTC 2019
Hi Mike,
On 19/11/19 at 13:41, mike tancsa wrote:
> New user here. I am not sure I am getting the usage / notional purpose
> of ip reputation lists right. My goal is to get a high level alert,
> every time I see an endpoint to talk certain black listed IPs. I have
> the following custom rule
Can you try to reproduce that with a test pcap in the -r mode and if so
create a issue in the redmine so we can debug it?
Thanks
--
Andreas Herz
More information about the Oisf-users
mailing list