bui
31a3b8a4ef
move this to pkg/waf
2023-10-27 11:09:19 +02:00
bui
cd1cefbc8b
fix behavior so we only generate crowdsec events if interrupt was generated in either inband or outofband phases
2023-10-26 15:23:45 +02:00
bui
0cebf833c7
add options via WaapConfig for inband and outofband engines
2023-10-26 14:46:08 +02:00
bui
82bb8a2789
no leak plz
2023-10-26 13:01:11 +02:00
bui
f18b554177
warn at start if body reading is disabled
2023-10-26 12:45:59 +02:00
bui
6cbeefead6
up
2023-10-26 12:04:58 +02:00
Sebastien Blot
676352b5b1
new custom rule format
2023-10-25 18:45:49 +02:00
bui
4bfca8cab5
fix meta encoding
2023-10-25 13:54:57 +02:00
bui
9edde09608
up
2023-10-24 18:16:30 +02:00
bui
c02c74b5fe
shortcut for waap events
2023-10-24 17:24:16 +02:00
bui
b2bb15bb49
generate a special event for waap
2023-10-24 17:23:46 +02:00
bui
685006508c
make waap rules generate crowdsec events (again)
2023-10-24 13:43:27 +02:00
bui
03650401c5
default level
2023-10-24 10:57:22 +02:00
bui
00e1ffbf58
simplify a bit
2023-10-24 10:49:28 +02:00
bui
bd9df8f480
logger
2023-10-23 10:59:02 +02:00
bui
2ff238d5f8
logger
2023-10-23 10:53:52 +02:00
bui
dca6faab08
logger
2023-10-23 10:53:39 +02:00
Sebastien Blot
15120a6d8f
merge hub-1.5.6
2023-10-19 14:19:37 +02:00
Sebastien Blot
ecbdf2f0e1
merge master branch
2023-10-19 10:51:54 +02:00
bui
c89b42939e
naming
2023-10-18 17:17:57 +02:00
bui
98fb84d3e7
be consistent : waap-rules
2023-10-18 17:11:43 +02:00
Sebastien Blot
511468b8fe
up
2023-10-18 13:42:56 +02:00
Sebastien Blot
92a3c4b2fb
up
2023-10-04 14:17:21 +02:00
Sebastien Blot
dd7fa82543
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
535738b962
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
d3ce4cbf8e
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
7fdd4d04fe
up
2023-10-04 10:25:32 +02:00
bui
a8321b5cc5
up
2023-09-14 09:43:22 +02:00
bui
6a47b9e97d
up
2023-09-13 18:03:03 +02:00
bui
7081666199
up
2023-09-13 17:34:53 +02:00
bui
2e60e8021c
up wip
2023-09-13 17:12:09 +02:00
blotus
43ef32aa8d
Kafka acquisition: do not create empty events when a read error occurs ( #2466 )
2023-09-13 13:20:36 +02:00
bui
6930b1e3e5
up
2023-09-13 10:45:06 +02:00
bui
1286efc74f
up
2023-09-12 18:17:58 +02:00
mmetc
d45bec4047
minor log message improvements ( #2455 )
2023-09-12 11:04:56 +02:00
bui
5a0b1b72d3
up
2023-09-12 10:42:28 +02:00
bui
1a5799e058
up
2023-09-12 09:45:14 +02:00
Thibault "bui" Koechlin
4e26e23725
Waap config ( #2460 )
...
* revamp wip
2023-09-11 10:35:14 +02:00
bui
24d2c264a7
clarify logging if triggering inband or outofband rules
2023-09-05 17:56:02 +02:00
alteredCoder
0379574b14
support SSL for waf
2023-08-31 11:07:51 +02:00
mmetc
c588be0842
golangci-lint: use v1.54, remove unnecessary byte/string conversions ( #2438 )
2023-08-25 16:22:10 +02:00
alteredCoder
e0bd4dc928
fix linter
2023-08-24 12:11:54 +02:00
bui
4846701ed5
logging
2023-08-21 15:34:18 +02:00
mmetc
cd9d8f309d
CI: increase test sleep to fix flaky acquisition/file test under win ( #2410 )
...
* CI: increase test sleep to attempt fix for flaky windows acquisition/file test
* wip
2023-08-08 16:11:32 +02:00
Sebastien Blot
a4ee1e717e
try re2 for @rx operator
2023-08-02 11:47:35 +02:00
alteredCoder
885c283097
remove debug
2023-08-01 10:58:36 +02:00
alteredCoder
cbf06c25fb
fix outofband evt generation
2023-08-01 10:34:43 +02:00
alteredCoder
353926ec91
add debug
2023-07-31 18:47:54 +02:00
alteredCoder
4332598cd1
add debug
2023-07-31 18:44:32 +02:00
alteredCoder
da37b5566d
update
2023-07-31 18:35:35 +02:00
Sebastien Blot
711f0474d9
merge from master
2023-07-31 17:05:25 +02:00
Sebastien Blot
dd83bdea6b
revert previous bad merge
2023-07-31 17:00:06 +02:00
alteredCoder
fc8a0ee9d4
update
2023-07-31 15:06:42 +02:00
bui
4a38cb5bbb
logging
2023-07-31 14:47:48 +02:00
bui
e4e2bb5504
switch to properly compiled regexp to be able to bail out early
2023-07-31 14:45:21 +02:00
bui
a7cd86f725
allow to select what variables should be tracked
2023-07-31 12:15:04 +02:00
mmetc
ffadd42779
update dependency on go-cs-lib; drop the pkg/ part ( #2393 )
2023-07-28 16:35:08 +02:00
Sebastien Blot
dd5e38a2c5
expose internal coraza vars in evt.Waap
2023-07-27 10:01:56 +02:00
Sebastien Blot
2f5a6fbb4f
wip
2023-07-27 09:22:26 +02:00
Sebastien Blot
792961d757
wip
2023-07-27 09:22:26 +02:00
Sebastien Blot
01ced8fb99
merge
2023-07-27 09:22:26 +02:00
alteredCoder
4993758b36
handle missing headers
2023-07-26 12:47:16 +02:00
bui
54fd2e4e70
fixed
2023-07-20 16:47:07 +02:00
alteredCoder
779ea2e262
fix
2023-07-19 18:19:14 +02:00
alteredCoder
472f40b9d4
fix
2023-07-19 18:18:24 +02:00
alteredCoder
ab2c152627
reduce verbosity
2023-07-19 14:39:57 +02:00
alteredCoder
7d8c931d00
add loggers
2023-07-19 14:35:02 +02:00
alteredCoder
8ba692b115
debug
2023-07-19 12:02:38 +02:00
alteredCoder
cd5cb55a7e
debug
2023-07-19 11:57:14 +02:00
alteredCoder
d946286e5c
remove spew
2023-07-19 11:50:42 +02:00
alteredCoder
e543523ba3
update ban remediation
2023-07-19 10:34:22 +02:00
bui
f7eaefa518
up
2023-07-18 18:12:17 +02:00
Sebastien Blot
ef4fe8f5d3
merge
2023-07-13 16:22:21 +02:00
blotus
57547c32c9
Aggregate WAF rules into a single event ( #2350 )
2023-07-13 16:20:04 +02:00
bui
a6ba0e869c
imp logging
2023-07-11 09:29:17 +02:00
bui
8baeb70998
add metrics
2023-07-10 18:00:19 +02:00
blotus
f9ca14f010
add object key in src for S3 acquis ( #2342 )
2023-07-07 10:09:18 +02:00
blotus
1295de928a
Properly match new files on windows when doing file acquisition ( #2329 )
2023-07-06 14:45:38 +02:00
alteredCoder
84b6570554
Revert "Merge remote-tracking branch 'origin' into coraza_poc_acquis"
...
This reverts commit 7098e971c7, reversing changes made to 13512891e4.
2023-07-04 18:46:20 +02:00
alteredCoder
7098e971c7
Merge remote-tracking branch 'origin' into coraza_poc_acquis
2023-07-04 17:42:39 +02:00
alteredCoder
13512891e4
add waf_routines
2023-07-04 17:36:56 +02:00
mmetc
bd41f855cf
errors.Wrap -> fmt.Errorf ( #2317 )
2023-06-29 11:34:59 +02:00
mmetc
a910b7beca
non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) ( #2309 )
...
This on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.
2023-06-27 10:13:13 +02:00
mmetc
9beb5388cb
errors.Wrap -> fmt.Errorf; clean up imports ( #2301 )
2023-06-23 14:04:58 +02:00
mmetc
8bfeb7d90d
Update go dependencies ( #2293 )
...
- update fatih/color (fix windows issue)
- update mongo-driver (fix build issue)
- go.mod: merge two "require" blocks
- update semver dependency (same version as indirect dep), fix test checks in cscli setup
- remove gotest.tools dependency (use testify, cstest)
- update x/ exp, mod, sys dependencies
2023-06-22 11:31:41 +02:00
Sebastien Blot
3fe6e3be14
check for interruption and ignore empty messages
2023-06-16 16:52:01 +02:00
alteredCoder
877d4fc32d
update
2023-06-16 14:23:53 +02:00
alteredCoder
07b60233db
update waf
2023-06-16 12:19:44 +02:00
Sebastien Blot
9180ac7be9
wip
2023-06-15 22:51:57 +02:00
Sebastien Blot
805752dc62
wip
2023-06-13 17:08:48 +02:00
alteredCoder
40f65de7b9
optim
2023-06-13 16:31:30 +02:00
alteredCoder
fa172bed56
up
2023-06-13 15:41:32 +02:00
Sebastien Blot
a2e6359880
merge
2023-06-09 13:01:58 +02:00
Sebastien Blot
c46e2ccdad
up
2023-06-09 13:00:43 +02:00
alteredCoder
61e1cc29d5
update
2023-06-08 17:45:21 +02:00
Sebastien Blot
415e2dc68d
merge
2023-06-08 11:22:16 +02:00
bui
739d086325
up
2023-06-07 14:12:42 +02:00
bui
30455a8eb6
progress
2023-06-07 13:45:36 +02:00
bui
d123254949
wip
2023-06-06 18:28:06 +02:00
Thibault "bui" Koechlin
ee8b31348b
Merge branch 'master' into coraza_poc_acquis
2023-06-06 18:23:59 +02:00