summaryrefslogtreecommitdiffstats
path: root/doc/userguide/reputation/ipreputation/ip-reputation-format.rst
blob: ef465e65949a3944d8ece725352d890e4a511b6a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
IP Reputation Format
====================

Description of IP Reputation file formats. For the configuration see :doc:`ip-reputation-config` and :doc:`/rules/ip-reputation-rules` for the rule format.

Categories file
~~~~~~~~~~~~~~~

The categories file provides a mapping between a category number, short name, and long description. It's a simple CSV file:

::


  <id>,<short name>,<description>

Example:

::


  1,BadHosts,Known bad hosts
  2,Google,Known google host

The maximum value for the category id is hard coded at 60 currently.

Reputation file
~~~~~~~~~~~~~~~

The reputation file lists a reputation score for hosts in the categories. It's a simple CSV file:

::


  <ip>,<category>,<reputation score>

The IP is an IPv4 address in the quad-dotted notation or an IPv6 address. Both IP types support networks in CIDR notation. The category is the number as defined in the categories file. The reputation score is the confidence that this IP is in the specified category, represented by a number between 1 and 127 (0 means no data).

Example:

::


  1.2.3.4,1,101
  1.1.1.0/24,6,88

If an IP address has a score in multiple categories it should be listed in the file multiple times.

Example:

::


  1.1.1.1,1,10
  1.1.1.1,2,10

This lists 1.1.1.1 in categories 1 and 2, each with a score of 10.