In addition to previously available methods, Reputation can now be imported into Immediate Insight via CSV. For best performance, we recommend release you complete most recent ‘update’.
File names ending with .iprep or .iprep.csv of the format show below can now be dragged and dropped into DataFlow -> Import -> Import at Lines to populate IP reputation.
126.96.36.199/24,sector 1, camp A,rec area
188.8.131.52/24,sector 1, camp B,lab 3
184.108.40.206 to 220.127.116.11,main,training lab
5.5.5.,data center,cluster 1
The first column must be IPMATCH and contain IPv4 match patterns as shown above. Fields are taken from the column headings and the values from each row.
An event is generated for each entry so that other actions, workflows can be tied to changes:
Overlapping reputations are allowed. Non-conflicting fields are merged in. Conflicting fields are overwritten to allow easy updating by reloading the IP rep files again.
Here is a sample of overlapping rep data:
18.104.22.168 to 22.214.171.124,Limited
126.96.36.199,Your Eyes Only
Deleting entries is performed by setting the first value to IPDELETE:
188.8.131.52 to 184.108.40.206,IPDELETE
Events are generated for every delete:
Be warned that a delete will remove the entire reputation including fields that were merged in from other files.
Pay special attention when converting xls files to csv. Some data files may contain multiple delimiters which must be removed in order to produce a clean csv file.
Import will skip over bad entries in the csv file.