description:show alerts for this value (used with scope)
- name:scenario
in:query
required:false
type:string
description:show alerts for this scenario
- name:ip
in:query
required:false
type:string
description:IP to search for (shorthand for scope=ip&value=)
- name:range
in:query
required:false
type:string
description:range to search for (shorthand for scope=range&value=)
- name:since#shouldn't "since" be a golang-duration format ?
in:query
required:false
type:string
format:date-time
description:'search alerts newer than delay (format must be compatible with time.ParseDuration)'
- name:until#same as for "since"
in:query
description:'search alerts older than delay (format must be compatible with time.ParseDuration)'
required:false
type:string
format:date-time
- name:simulated
in:query
required:false
type:boolean
description:if set to true, decisions in simulation mode will be returned as well
- name:has_active_decision
in:query
required:false
type:boolean
description:'only return alerts with decisions not expired yet'
- name:decision_type
in:query
required:false
type:string
description:'restrict results to alerts with decisions matching given type'
- name:limit
in:query
required:false
type:number
description:'number of alerts to return'
responses:
'200':
description:successful operation
schema:
$ref:'#/definitions/GetAlertsResponse'
headers:{}
'400':
description:"400 response"
schema:
$ref:"#/definitions/ErrorResponse"
security:
- JWTAuthorizer:[]
# HEAD on the alerts collection. It takes the alert search filters as query
# parameters; neither declared response carries a schema. Every filter is
# optional. The operation is protected by the JWTAuthorizer scheme.
head:
  summary: searchAlerts
  description: Allows to search for alerts
  operationId: headAlerts
  deprecated: false
  tags:
    - watchers
  produces:
    - application/json
  parameters:
    - name: scope
      in: query
      type: string
      required: false
      description: show alerts for this scope
    - name: value
      in: query
      type: string
      required: false
      description: show alerts for this value (used with scope)
    - name: scenario
      in: query
      type: string
      required: false
      description: show alerts for this scenario
    - name: ip
      in: query
      type: string
      required: false
      description: IP to search for (shorthand for scope=ip&value=)
    - name: range
      in: query
      type: string
      required: false
      description: range to search for (shorthand for scope=range&value=)
    # NOTE(review): the declared format (date-time, i.e. RFC 3339 in
    # Swagger 2.0) contradicts the description, which asks for a Go
    # time.ParseDuration string. Shouldn't "since" be a golang-duration
    # format? Clients generated from this spec may send or validate the
    # wrong shape; confirm how the server treats a value it cannot parse.
    - name: since
      in: query
      type: string
      format: date-time
      required: false
      description: 'search alerts newer than delay (format must be compatible with time.ParseDuration)'
    # NOTE(review): same format/description mismatch as for "since".
    - name: until
      in: query
      type: string
      format: date-time
      required: false
      description: 'search alerts older than delay (format must be compatible with time.ParseDuration)'
    - name: simulated
      in: query
      type: boolean
      required: false
      description: if set to true, decisions in simulation mode will be returned as well
    - name: has_active_decision
      in: query
      type: boolean
      required: false
      description: 'only return alerts with decisions not expired yet'
    - name: decision_type
      in: query
      type: string
      required: false
      description: 'restrict results to alerts with decisions matching given type'
    # NOTE(review): "number" admits fractional and negative values, and no
    # minimum/maximum is declared here. Confirm the server validates and
    # caps the requested count.
    - name: limit
      in: query
      type: number
      required: false
      description: 'number of alerts to return'
  # Only 200 and 400 are documented for this operation.
  responses:
    '200':
      description: successful operation
      headers: {}
    '400':
      description: "400 response"
  security:
    - JWTAuthorizer: []
# DELETE on the alerts collection: removes the alerts selected by the query
# filters below and answers with DeleteAlertsResponse.
# NOTE(review): every filter is declared "required: false", so a request
# with no query parameters is valid against this spec. Confirm what the
# handler does with an unfiltered DELETE and that this is intended for any
# caller holding a JWTAuthorizer token.
delete:
  summary: deleteAlerts
  description: Allows to delete alerts
  operationId: deleteAlerts
  deprecated: false
  tags:
    - watchers
  produces:
    - application/json
  parameters:
    - name: scope
      in: query
      type: string
      required: false
      description: delete alerts for this scope
    - name: value
      in: query
      type: string
      required: false
      description: delete alerts for this value (used with scope)
    - name: scenario
      in: query
      type: string
      required: false
      description: delete alerts for this scenario
    - name: ip
      in: query
      type: string
      required: false
      description: delete Alerts with IP (shorthand for scope=ip&value=)
    - name: range
      in: query
      type: string
      required: false
      description: delete alerts concerned by range (shorthand for scope=range&value=)
    # NOTE(review): "format: date-time" means RFC 3339 in Swagger 2.0,
    # while the description documents YYYY-mm-DD-HH:MM:SS. On a destructive
    # operation a time bound that fails to parse must be rejected rather
    # than dropped; verify against the handler.
    - name: since
      in: query
      type: string
      format: date-time
      required: false
      description: 'delete alerts added after YYYY-mm-DD-HH:MM:SS'
    # NOTE(review): same format/description mismatch as for "since".
    - name: until
      in: query
      type: string
      format: date-time
      required: false
      description: 'delete alerts added before YYYY-mm-DD-HH:MM:SS'
    - name: has_active_decision
      in: query
      type: boolean
      required: false
      description: 'delete only alerts with decisions not expired yet'
    - name: alert_source
      in: query
      type: string
      required: false
      description: delete only alerts with matching source (ie. cscli/crowdsec)
  # Only 200 and 400 are documented for this operation.
  responses:
    '200':
      description: successful operation
      headers: {}
      schema:
        $ref: '#/definitions/DeleteAlertsResponse'
    '400':
      description: "400 response"
      schema:
        $ref: "#/definitions/ErrorResponse"
  security:
    - JWTAuthorizer: []
# Single-alert resource, addressed by the alert_id path parameter. Both
# operations are protected by the JWTAuthorizer scheme.
# NOTE(review): alert_id is declared as a string here, whereas Alert.id in
# the definitions is an integer. Presumably the handler parses it; verify
# that a non-numeric value results in the documented 400.
'/alerts/{alert_id}':
  # Returns the Alert object for the given ID.
  get:
    summary: GetAlertByID
    description: Get alert by ID
    operationId: GetAlertbyID
    deprecated: false
    tags:
      - watchers
    produces:
      - application/json
    parameters:
      - name: alert_id
        in: path
        type: string
        required: true
        description: ''
    responses:
      '200':
        description: successful operation
        headers: {}
        schema:
          $ref: '#/definitions/Alert'
      '400':
        description: "400 response"
        schema:
          $ref: "#/definitions/ErrorResponse"
    security:
      - JWTAuthorizer: []
  # Same addressing as the GET above; neither response declares a schema.
  head:
    summary: GetAlertByID
    description: Get alert by ID
    operationId: HeadAlertbyID
    deprecated: false
    tags:
      - watchers
    produces:
      - application/json
    parameters:
      - name: alert_id
        in: path
        type: string
        required: true
        description: ''
    responses:
      '200':
        description: successful operation
        headers: {}
      '400':
        description: "400 response"
    security:
      - JWTAuthorizer: []
definitions:
# Body of a watcher registration: a machine identifier and its password,
# both mandatory.
WatcherRegistrationRequest:
  title: WatcherRegistrationRequest
  type: object
  required:
    - machine_id
    - password
  properties:
    machine_id:
      type: string
    # "format: password" is only a hint for UIs to obscure the field; it
    # adds no validation. No length bounds are declared for either field,
    # so any limits must be enforced server-side.
    password:
      type: string
      format: password
# Body of a watcher login: credentials plus an optional list of the
# scenarios enabled on that watcher.
WatcherAuthRequest:
  title: WatcherAuthRequest
  type: object
  required:
    - machine_id
    - password
  properties:
    machine_id:
      type: string
    # "format: password" is a display hint only and adds no validation.
    password:
      type: string
      format: password
    # Client-supplied and unbounded in this schema (no maxItems and no
    # maxLength on the items).
    scenarios:
      description: the list of scenarios enabled on the watcher
      type: array
      items:
        type: string
# Returned after a successful watcher authentication. No field is marked
# as required in this schema.
WatcherAuthResponse:
  title: WatcherAuthResponse
  description: the response of a successful authentication
  type: object
  properties:
    code:
      type: integer
    expire:
      type: string
    # Presumably the credential later presented under JWTAuthorizer (TODO
    # confirm); clients should keep it out of logs and persistent storage.
    token:
      type: string
# An alert as exchanged with the API. The three readOnly fields are, per
# their descriptions, meaningful in responses only.
# NOTE(review): readOnly is advisory in the schema. Verify that the server
# really discards client-supplied id, machine_id and created_at values on
# POST, so that a watcher cannot attribute an alert to another machine or
# backdate it.
Alert:
  title: Alert
  type: object
  required:
    - scenario
    - scenario_hash
    - scenario_version
    - message
    - events_count
    - start_at
    - stop_at
    - capacity
    - leakspeed
    - simulated
    - events
    - source
  properties:
    id:
      description: 'only relevant for GET, ignored in POST requests'
      type: integer
      readOnly: true
    machine_id:
      description: 'only relevant for APIL->APIC, ignored for cscli->APIL and crowdsec->APIL'
      type: string
      readOnly: true
    created_at:
      description: 'only relevant for GET, ignored in POST requests'
      type: string
      readOnly: true
    scenario:
      type: string
    scenario_hash:
      type: string
    scenario_version:
      type: string
    message:
      description: a human readable message
      type: string
    events_count:
      type: integer
      format: int32
    # start_at and stop_at are plain strings; no format is declared.
    start_at:
      type: string
    stop_at:
      type: string
    capacity:
      type: integer
      format: int32
    leakspeed:
      type: string
    simulated:
      type: boolean
    # No maxItems is declared on the array-valued fields below (events,
    # decisions, labels).
    events:
      description: the Meta of the events leading to overflow
      type: array
      items:
        $ref: '#/definitions/Event'
    remediation:
      type: boolean
    decisions:
      type: array
      items:
        $ref: '#/definitions/Decision'
    source:
      $ref: '#/definitions/Source'
    meta:
      $ref: '#/definitions/Meta'
    labels:
      type: array
      items:
        type: string
# Origin of an alert: a mandatory scope/value pair, plus optional
# convenience fields that apply when the source is an IP.
Source:
  title: Source
  type: object
  required:
    - scope
    - value
  properties:
    # scope and value are free-form strings in this schema (no enum or
    # pattern); whoever consumes them must validate the value against the
    # scope.
    scope:
      description: 'the scope of a source :ip,range,username,etc'
      type: string
    value:
      description: 'the value of a source :the ip, the range, the username,etc'
      type: string
    ip:
      description: provided as a convenience when the source is an IP
      type: string
    range:
      description: provided as a convenience when the source is an IP
      type: string
    as_number:
      description: provided as a convenience when the source is an IP
      type: string
    as_name:
      description: provided as a convenience when the source is an IP
      type: string
    # Undocumented in the spec; presumably a country code (TODO confirm).
    cn:
      type: string
    latitude:
      type: number
      format: float
    longitude:
      type: number
      format: float
# Metrics payload: the local crowdsec/apil version plus one
# MetricsSoftInfo entry per bouncer and per machine. All three fields are
# mandatory.
Metrics:
  title: Metrics
  type: object
  required:
    - apil_version
    - bouncers
    - machines
  properties:
    apil_version:
      description: the local version of crowdsec/apil
      type: string
    bouncers:
      type: array
      items:
        $ref: '#/definitions/MetricsSoftInfo'
    machines:
      type: array
      items:
        $ref: '#/definitions/MetricsSoftInfo'
# Name and version of one component.
# Per the description, both values are derived from the User-Agent header,
# which the client controls. Treat them as untrusted text: escape them when
# displaying and do not base security decisions on them.
MetricsSoftInfo:
  title: MetricsSoftInfo
  description: Software version info (so we can warn users about out-of-date software). The software name and the version are "guessed" from the user-agent
  type: object
  properties:
    name:
      description: name of the component
      type: string
    version:
      description: software version
      type: string
Decision:
title:Decision
type:object
properties:
id:
description:(only relevant for GET ops) the unique id
type:integer
readOnly:true
origin:
description: 'the origin of the decision :cscli, crowdsec'
type:string
type:
description:'the type of decision, might be ''ban'', ''captcha'' or something custom. Ignored when watcher (cscli/crowdsec) is pushing to APIL.'
type:string
scope:
description: 'the scope of decision :does it apply to an IP, a range, a username, etc'
type:string
value:
description: 'the value of the decision scope :an IP, a range, a username, etc'
type:string
duration:
type:string
scenario:
type:string
simulated:
type:boolean
description:'true if the decision result from a scenario in simulation mode'