In addition to previously available methods, Reputation can now be imported into Immediate Insight via CSV. For best performance, we recommend release you complete most recent ‘update’.

File names ending with .iprep or .iprep.csv of the format show below can now be dragged and dropped into DataFlow -> Import -> Import at Lines to populate IP reputation.

IPMATCH,building,zone
3.3.3.0/24,"sector 1, camp A",rec area
3.3.4.0/24,"sector 1, camp B",lab 3
2.2.2.1-2.2.2.6,main,EBC
2.2.2.8 to 2.2.2.21,main,training lab
5.5.5.,data center,cluster 1
1.2.3.4,outhouse,toilet 4

The first column must be IPMATCH and contain IPv4 match patterns as shown above. Fields are taken from the column headings and the values from each row.

An event is generated for each entry so that other actions, workflows can be tied to changes:

immin_repdata_1

Overlapping reputations are allowed. Non-conflicting fields are merged in. Conflicting fields are overwritten to allow easy updating by reloading the IP rep files again.

Here is a sample of overlapping rep data:

IPMATCH,Restricted
3.3.4.0/24,Sensitive
2.2.2.20 to 2.2.2.21,Limited
5.5.5.8,Black Ops
1.2.3.4,Your Eyes Only

immin_repdata_2

immin_repdata_3

Deleting entries is performed by setting the first value to IPDELETE:

IPMATCH,Restricted
3.3.4.0/24,IPDELETE
2.2.2.20 to 2.2.2.21,IPDELETE

Events are generated for every delete:

immin_repdata_4

Be warned that a delete will remove the entire reputation including fields that were merged in from other files.

Pay special attention when converting xls files to csv. Some data files may contain multiple delimiters which must be removed in order to produce a clean csv file.

immin_repdata_5

immin_repdata_6

Import will skip over bad entries in the csv file.