beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
1774 commits 83 branches 177 tags 151 MiB
Commit graph

243 commits

Author SHA1 Message Date
bui 31a3b8a4ef move this to pkg/waf 2023-10-27 11:09:19 +02:00
bui cd1cefbc8b fix behavior so we only generate crowdsec events if interrupt was generated in either inband or outofband phases 2023-10-26 15:23:45 +02:00
bui 0cebf833c7 add options via WaapConfig for inband and outofband engines 2023-10-26 14:46:08 +02:00
bui 82bb8a2789 no leak plz 2023-10-26 13:01:11 +02:00
bui f18b554177 warn at start if body reading is disabled 2023-10-26 12:45:59 +02:00
bui 6cbeefead6 up 2023-10-26 12:04:58 +02:00
Sebastien Blot 676352b5b1
new custom rule format 2023-10-25 18:45:49 +02:00
bui 4bfca8cab5 fix meta encoding 2023-10-25 13:54:57 +02:00
bui 9edde09608 up 2023-10-24 18:16:30 +02:00
bui c02c74b5fe shortcut for waap events 2023-10-24 17:24:16 +02:00
bui b2bb15bb49 generate a special event for waap 2023-10-24 17:23:46 +02:00
bui 685006508c make waap rules generate crowdsec events (again) 2023-10-24 13:43:27 +02:00
bui 03650401c5 default level 2023-10-24 10:57:22 +02:00
bui 00e1ffbf58 simplify a bit 2023-10-24 10:49:28 +02:00
bui bd9df8f480 logger 2023-10-23 10:59:02 +02:00
bui 2ff238d5f8 logger 2023-10-23 10:53:52 +02:00
bui dca6faab08 logger 2023-10-23 10:53:39 +02:00
Sebastien Blot 15120a6d8f
merge hub-1.5.6 2023-10-19 14:19:37 +02:00
Sebastien Blot ecbdf2f0e1
merge master branch 2023-10-19 10:51:54 +02:00
bui c89b42939e naming 2023-10-18 17:17:57 +02:00
bui 98fb84d3e7 be consistent : waap-rules 2023-10-18 17:11:43 +02:00
Sebastien Blot 511468b8fe
up 2023-10-18 13:42:56 +02:00
Sebastien Blot 92a3c4b2fb
up 2023-10-04 14:17:21 +02:00
Sebastien Blot dd7fa82543
up 2023-10-04 10:25:32 +02:00
Sebastien Blot 535738b962
up 2023-10-04 10:25:32 +02:00
Sebastien Blot d3ce4cbf8e
up 2023-10-04 10:25:32 +02:00
Sebastien Blot 7fdd4d04fe
up 2023-10-04 10:25:32 +02:00
bui a8321b5cc5 up 2023-09-14 09:43:22 +02:00
bui 6a47b9e97d up 2023-09-13 18:03:03 +02:00
bui 7081666199 up 2023-09-13 17:34:53 +02:00
bui 2e60e8021c up wip 2023-09-13 17:12:09 +02:00
blotus 43ef32aa8d
Kafka acquisition: do not create empty events when a read error occurs (#2466) 2023-09-13 13:20:36 +02:00
bui 6930b1e3e5 up 2023-09-13 10:45:06 +02:00
bui 1286efc74f up 2023-09-12 18:17:58 +02:00
mmetc d45bec4047
minor log message improvements (#2455) 2023-09-12 11:04:56 +02:00
bui 5a0b1b72d3 up 2023-09-12 10:42:28 +02:00
bui 1a5799e058 up 2023-09-12 09:45:14 +02:00
Thibault "bui" Koechlin 4e26e23725
Waap config (#2460) 
* revamp wip
 2023-09-11 10:35:14 +02:00
bui 24d2c264a7 clarify logging if triggering inband or outofband rules 2023-09-05 17:56:02 +02:00
alteredCoder 0379574b14 support SSL for waf 2023-08-31 11:07:51 +02:00
mmetc c588be0842
golangci-lint: use v1.54, remove unnecessary byte/string conversions (#2438) 2023-08-25 16:22:10 +02:00
alteredCoder e0bd4dc928 fix linter 2023-08-24 12:11:54 +02:00
bui 4846701ed5 logging 2023-08-21 15:34:18 +02:00
mmetc cd9d8f309d
CI: increase test sleep to fix flaky acquisition/file test under win (#2410) 
* CI: increase test sleep to attempt fix for flaky windows acquitition/file test

* wip
 2023-08-08 16:11:32 +02:00
Sebastien Blot a4ee1e717e
try re2 for @rx operator 2023-08-02 11:47:35 +02:00
alteredCoder 885c283097 remove debug 2023-08-01 10:58:36 +02:00
alteredCoder cbf06c25fb fix outofband evt generation 2023-08-01 10:34:43 +02:00
alteredCoder 353926ec91 add debug 2023-07-31 18:47:54 +02:00
alteredCoder 4332598cd1 add debug 2023-07-31 18:44:32 +02:00
alteredCoder da37b5566d update 2023-07-31 18:35:35 +02:00
Sebastien Blot 711f0474d9
merge from master 2023-07-31 17:05:25 +02:00
Sebastien Blot dd83bdea6b
revert previous bad merge 2023-07-31 17:00:06 +02:00
alteredCoder fc8a0ee9d4 update 2023-07-31 15:06:42 +02:00
bui 4a38cb5bbb logging 2023-07-31 14:47:48 +02:00
bui e4e2bb5504 switch to properly compiled regexp to be able to bail out early 2023-07-31 14:45:21 +02:00
bui a7cd86f725 allow to select what variables shouldd be tracked 2023-07-31 12:15:04 +02:00
mmetc ffadd42779
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 16:35:08 +02:00
Sebastien Blot dd5e38a2c5
expose internal coraza vars in evt.Waap 2023-07-27 10:01:56 +02:00
Sebastien Blot 2f5a6fbb4f
wip 2023-07-27 09:22:26 +02:00
Sebastien Blot 792961d757
wip 2023-07-27 09:22:26 +02:00
Sebastien Blot 01ced8fb99
merge 2023-07-27 09:22:26 +02:00
alteredCoder 4993758b36 handle missing headers 2023-07-26 12:47:16 +02:00
bui 54fd2e4e70 fixed 2023-07-20 16:47:07 +02:00
alteredCoder 779ea2e262 fix 2023-07-19 18:19:14 +02:00
alteredCoder 472f40b9d4 fix 2023-07-19 18:18:24 +02:00
alteredCoder ab2c152627 reduce verbosity 2023-07-19 14:39:57 +02:00
alteredCoder 7d8c931d00 add loggers 2023-07-19 14:35:02 +02:00
alteredCoder 8ba692b115 debug 2023-07-19 12:02:38 +02:00
alteredCoder cd5cb55a7e debug 2023-07-19 11:57:14 +02:00
alteredCoder d946286e5c remove spew 2023-07-19 11:50:42 +02:00
alteredCoder e543523ba3 update ban remediation 2023-07-19 10:34:22 +02:00
bui f7eaefa518 up 2023-07-18 18:12:17 +02:00
Sebastien Blot ef4fe8f5d3
merge 2023-07-13 16:22:21 +02:00
blotus 57547c32c9
Aggregate WAF rules into a single event (#2350) 2023-07-13 16:20:04 +02:00
bui a6ba0e869c imp logging 2023-07-11 09:29:17 +02:00
bui 8baeb70998 add metrics 2023-07-10 18:00:19 +02:00
blotus f9ca14f010
add object key in src for S3 acquis (#2342) 2023-07-07 10:09:18 +02:00
blotus 1295de928a
Properly match new files on windows when doing file acquisition (#2329) 2023-07-06 14:45:38 +02:00
alteredCoder 84b6570554 Revert "Merge remote-tracking branch 'origin' into coraza_poc_acquis" 
This reverts commit 7098e971c7, reversing
changes made to 13512891e4.
 2023-07-04 18:46:20 +02:00
alteredCoder 7098e971c7 Merge remote-tracking branch 'origin' into coraza_poc_acquis 2023-07-04 17:42:39 +02:00
alteredCoder 13512891e4 add waf_routines 2023-07-04 17:36:56 +02:00
mmetc bd41f855cf
errors.Wrap -> fmt.Errorf (#2317) 2023-06-29 11:34:59 +02:00
mmetc a910b7beca
non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) (#2309) 
This on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.
 2023-06-27 10:13:13 +02:00
mmetc 9beb5388cb
errors.Wrap -> fmt.Errorf; clean up imports (#2301) 2023-06-23 14:04:58 +02:00
mmetc 8bfeb7d90d
Update go dependencies (#2293) 
- update fatih/color (fix windows issue)
- update mongo-driver (fix build issue)
- go.mod: merge two "require" blocks
- update semver dependency (same version as indirect dep), fix test checks in cscli setup
- remove gotest.tools dependency (use testify, cstest)
- update x/ exp, mod, sys dependencies
 2023-06-22 11:31:41 +02:00
Sebastien Blot 3fe6e3be14
check for interruption and ignore empty messages 2023-06-16 16:52:01 +02:00
alteredCoder 877d4fc32d update 2023-06-16 14:23:53 +02:00
alteredCoder 07b60233db update waf 2023-06-16 12:19:44 +02:00
Sebastien Blot 9180ac7be9
wip 2023-06-15 22:51:57 +02:00
Sebastien Blot 805752dc62
wip 2023-06-13 17:08:48 +02:00
alteredCoder 40f65de7b9 optim 2023-06-13 16:31:30 +02:00
alteredCoder fa172bed56 up 2023-06-13 15:41:32 +02:00
Sebastien Blot a2e6359880
merge 2023-06-09 13:01:58 +02:00
Sebastien Blot c46e2ccdad
up 2023-06-09 13:00:43 +02:00
alteredCoder 61e1cc29d5 update 2023-06-08 17:45:21 +02:00
Sebastien Blot 415e2dc68d
merge 2023-06-08 11:22:16 +02:00
bui 739d086325 up 2023-06-07 14:12:42 +02:00
bui 30455a8eb6 progress 2023-06-07 13:45:36 +02:00
bui d123254949 wip 2023-06-06 18:28:06 +02:00
Thibault "bui" Koechlin ee8b31348b
Merge branch 'master' into coraza_poc_acquis 2023-06-06 18:23:59 +02:00