crowdsec/config/profiles.yaml

profile: default_remediation
filter: "sig.Labels.remediation == 'true' && not sig.Whitelisted"
api: true # If no api: specified, will use the default config in default.yaml
remediation:
  ban: true
  slow: true
  captcha: true
  duration: 4h
outputs:
  - plugin: database
---
profile: default_notification
filter: "sig.Labels.remediation != 'true'"
#remediation is empty, it means non taken
api: false
outputs:
  - plugin: database  # If we do not want to push, we can remove this line and the next one
    store: false
---
profile: send_false_positif_to_API
filter: "sig.Whitelisted == true && sig.Labels.remediation == 'true'"
#remediation is empty, it means non taken
api: true
outputs:
  - plugin: database  # If we do not want to push, we can remove this line and the next one
    store: false
initial import 2020-05-15 09:39:16 +00:00			`profile: default_remediation`
add whitelisted flag in signal occurence (#114) 2020-07-02 09:44:27 +00:00			`filter: "sig.Labels.remediation == 'true' && not sig.Whitelisted"`
initial import 2020-05-15 09:39:16 +00:00			`api: true # If no api: specified, will use the default config in default.yaml`
			`remediation:`
			`ban: true`
			`slow: true`
			`captcha: true`
			`duration: 4h`
			`outputs:`
updated mysql plugin support (#135) * add support for plugin, support mysql & so on * fix queries Co-authored-by: erenJag <erenJag> Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-16 14:05:03 +00:00			`- plugin: database`
initial import 2020-05-15 09:39:16 +00:00			`---`
			`profile: default_notification`
			`filter: "sig.Labels.remediation != 'true'"`
			`#remediation is empty, it means non taken`
			`api: false`
			`outputs:`
updated mysql plugin support (#135) * add support for plugin, support mysql & so on * fix queries Co-authored-by: erenJag <erenJag> Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-16 14:05:03 +00:00			`- plugin: database # If we do not want to push, we can remove this line and the next one`
initial import 2020-05-15 09:39:16 +00:00			`store: false`
add whitelisted flag in signal occurence (#114) 2020-07-02 09:44:27 +00:00			`---`
			`profile: send_false_positif_to_API`
			`filter: "sig.Whitelisted == true && sig.Labels.remediation == 'true'"`
			`#remediation is empty, it means non taken`
			`api: true`
			`outputs:`
updated mysql plugin support (#135) * add support for plugin, support mysql & so on * fix queries Co-authored-by: erenJag <erenJag> Co-authored-by: AlteredCoder <AlteredCoder> 2020-07-16 14:05:03 +00:00			`- plugin: database # If we do not want to push, we can remove this line and the next one`
add whitelisted flag in signal occurence (#114) 2020-07-02 09:44:27 +00:00			`store: false`