Reputation Feeds

Page Layout

This page allows you to upload a reputation feed for use with event buckets.

An reputation feed is an URL that contains values (e.g. IP addresses) with known reputations. This feed can be used to create a blacklist for an event bucket to include or exclude events containing a certain value.

Clicking the "IMPORT" button allows you to import a preconfigured JSON file containing reputation feed(s). Clicking the "EXPORT" button will export all currently configured reputation feeds into a JSON file.

Adding a Reputation Feed

A reputation feed can also be added manually by clicking the "+" button.

There are five different types of data that can be used to create the reputation feed: IP addresses, FQDNs, email addresses, URLs, and MD5s.

Using a Reputation Feed

Navigate to EventWatch->EventWatch Rules Page, choose the rule you'd like to edit and click the pencil icon:

Click "+ FILTER" and there's a drop-down menu of filter type, choose "feed" as the type. Then, all the available feeds can be chosen below, just choose one that you'd like to use for this rule.

Page last updated: 2023 Aug 01 17:23:14 EDT

Reputation Feeds

Page Layout​

Adding a Reputation Feed​

Using a Reputation Feed​

Page Layout

Adding a Reputation Feed

Using a Reputation Feed