doc/userguide: add more operators to iprep

catenacyber · Jun 15, 2024 · 2f74d43 · 2f74d43
1 parent 37be66e
commit 2f74d43
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/doc/userguide/rules/ip-reputation-rules.rst b/doc/userguide/rules/ip-reputation-rules.rst
@@ -17,17 +17,16 @@ The iprep directive matches on the IP reputation information for a host.
 
 side to check: <any|src|dst|both>
 
-category: the category short name
+``category``: the category short name
 
-operator: <, >, =
+``operator``: <, <=, >, >=, =
 
-reputation score: 0-127
+``reputation score``: 0-127
 
 Example:
 
 ::
 
-
   alert ip $HOME_NET any -> any any (msg:"IPREP internal host talking to CnC server"; flow:to_server; iprep:dst,CnC,>,30; sid:1; rev:1;)
 
 This rule will alert when a system in $HOME_NET acts as a client while communicating with any IP in the CnC category that has a reputation score set to greater than 30.