Commit 3805c5fb authored by ale

Slightly more documentation

parent 3c544c3f
...@@ -26,8 +26,20 @@ supported are *append* and *scan* (and internally a ...@@ -26,8 +26,20 @@ supported are *append* and *scan* (and internally a
*delete-older-than* that periodically wipes entries that are too old *delete-older-than* that periodically wipes entries that are too old
to be relevant anymore). to be relevant anymore).
Querying reputation for an IP consists in scanning the database for Querying reputation for an IP consists in scanning the database for a
a pre-defined window of time in the past, and passing the results pre-defined window of time in the past, and passing the results to a
to a *scoring script* (currently written in an embedded language), *scoring script* (currently written in [an embedded
that applies aggregation and weighting and returns the final score. language](https://github.com/d5/tengo)), that applies aggregation and
weighting and returns the final score.
## RPC interface
The server provides a simple GRPC interface that is used for event
submission and querying. The query API is a simple IP lookup,
returning a score. This conceivably could be turned into a DNS-based
API as well.
## Third-party sources
It would be nice to allow the scoring script to consult other IP-based
third-party sources, such as DNSBLs, or GeoIP lookups, etc.
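Review bot: The new "RPC interface" section documents event submission and querying over GRPC but does not say which clients may submit events or how they are authenticated; because submitted events are what the scoring script later aggregates, the section should state the intended trust model, or say explicitly that it is not defined yet. Two smaller points: the usual spelling is "gRPC", and in "Third-party sources" it would help to note that DNSBL or GeoIP lookups made from the scoring script put external network calls on the query path, so timeouts and caching are worth listing as open questions.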