============================================================
 IDPS Agent — installation (CYBREIGN SOC)
============================================================

WHAT THIS IS
  A drop-in agent that turns any PHP/Apache (or LiteSpeed) website
  into a monitored, self-defending edge. Every request is classified
  (bot/human + attack signatures) and logged into YOUR OWN database,
  attacks are auto-blocked locally (IPS), and each event is streamed
  to your CYBREIGN SOC dashboard. The agent only makes OUTBOUND calls,
  so nothing needs to be opened on your firewall.

WHAT'S IN THE KIT
  idps-agent.php     The engine (logging, detection, blocking, push).
  idps-config.php    Your settings — EDIT SECTION 1 (database).
  .htaccess          Routing rules — ready to use (no renaming).
  htaccess.txt       Identical backup, in case your unzip tool hides
                     dotfiles. If ".htaccess" is missing, rename this.
  cacert.pem         CA bundle so the HTTPS push works on any host.
  README.txt         This file.

INSTALL (2 steps)
  1. Upload ALL files into your website's root directory
     (e.g. public_html/). Keep them together.
  2. Open idps-config.php → Section 1 and set your database
     (IDPS_DB_NAME / USER / PASS). Leave IDPS_DB_NAME blank only
     for a quick flat-file test.
       → The API key, secret and dashboard URLs are ALREADY filled
         in if you downloaded this kit from the dashboard.

THAT'S IT.
  On the first request the agent creates its own `idps_events` table
  in your database, starts logging + protecting, and streams events
  to your SOC dashboard. Static assets (css/js/images) pass straight
  through untouched. Your site keeps working exactly as before.

WHAT STAYS PRIVATE / SECURE
  • idps-config.php, idps-data/ and idps-logs/ are denied to browsers
    by the bundled .htaccess.
  • Every call to the dashboard is signed (HMAC-SHA256 + timestamp),
    so only YOUR agent can push and only YOUR dashboard can configure it.
  • Your visitor logs live in YOUR database — the source of truth.

TROUBLESHOOTING
  • Dashboard shows the client OFFLINE?
      - Make sure the server can reach the internet on HTTPS (443).
      - On a slow link, raise IDPS_PUSH_TIMEOUT in idps-config.php.
      - If the host's PHP lacks CA certs, the bundled cacert.pem fixes it.
  • Need to repoint the agent to a different dashboard? Your SOC can do
    it remotely (no re-upload) from the client's Agent tab.

UNINSTALL
  Remove the kit files and the .htaccess rules. Drop the idps_events
  table if you no longer want the local history.