bui
0cebf833c7
add options via WaapConfig for inband and outofband engines
2023-10-26 14:46:08 +02:00
bui
82bb8a2789
no leak plz
2023-10-26 13:01:11 +02:00
bui
f18b554177
warn at start if body reading is disabled
2023-10-26 12:45:59 +02:00
bui
6cbeefead6
up
2023-10-26 12:04:58 +02:00
bui
e49f33b4a7
Merge branch 'coraza_poc_acquis' of github.com:crowdsecurity/crowdsec into coraza_poc_acquis
2023-10-26 12:04:12 +02:00
bui
46ae0b3822
properly set default log level
2023-10-26 12:03:57 +02:00
Sebastien Blot
676352b5b1
new custom rule format
2023-10-25 18:45:49 +02:00
bui
4bfca8cab5
fix meta encoding
2023-10-25 13:54:57 +02:00
bui
eafffe7c94
up
2023-10-24 18:16:39 +02:00
bui
9edde09608
up
2023-10-24 18:16:30 +02:00
bui
1f3801f390
add the helpers and the type
2023-10-24 17:24:31 +02:00
bui
c02c74b5fe
shortcut for waap events
2023-10-24 17:24:16 +02:00
bui
b2bb15bb49
generate a special event for waap
2023-10-24 17:23:46 +02:00
bui
685006508c
make waap rules generate crowdsec events (again)
2023-10-24 13:43:27 +02:00
bui
03650401c5
default level
2023-10-24 10:57:22 +02:00
bui
00e1ffbf58
simplify a bit
2023-10-24 10:49:28 +02:00
bui
bd9df8f480
logger
2023-10-23 10:59:02 +02:00
bui
1b9d8c8226
logger
2023-10-23 10:54:26 +02:00
bui
c00b1abd72
logger
2023-10-23 10:54:11 +02:00
bui
2ff238d5f8
logger
2023-10-23 10:53:52 +02:00
bui
dca6faab08
logger
2023-10-23 10:53:39 +02:00
mmetc
ac98256602
Refact pkg/cwhub, cmd/crowdsec-cli ( #2557 )
...
- pkg/cwhub: change file layout, rename functions
- method Item.SubItems
- cmd/crowdsec-cli: generic code for hub items
- cscli: removing any type of items in a collection now requires --force
- tests
2023-10-20 14:32:35 +02:00
bui
b110c74487
allow description
2023-10-20 13:49:15 +02:00
bui
5dbc2758fa
warn user when setting unexpected default_remediation
2023-10-20 13:32:20 +02:00
Sebastien Blot
0acda36d33
up
2023-10-20 11:58:57 +02:00
Sebastien Blot
1468bb9681
up
2023-10-19 17:25:48 +02:00
Sebastien Blot
68c78249d5
up
2023-10-19 17:20:33 +02:00
Sebastien Blot
ef118a49ff
add waap-configs hub item
2023-10-19 16:53:00 +02:00
Sebastien Blot
15120a6d8f
merge hub-1.5.6
2023-10-19 14:19:37 +02:00
Sebastien Blot
350e8979b1
merge hub-1.5.6 branch
2023-10-19 12:18:16 +02:00
Marco Mariani
b89c5652ca
Merge branch 'master' into hub-1.5.6
2023-10-19 12:05:19 +02:00
mmetc
88e4f7c157
Refact pkg/csconfig, pkg/cwhub ( #2555 )
...
* csconfig: drop redundant hub information on *Cfg structs
* rename validItemFileName() -> item.validPath()
* Methods on hub object
* updated tests to reduce need of csconfig.Config or global state
2023-10-19 12:04:29 +02:00
Sebastien Blot
ecbdf2f0e1
merge master branch
2023-10-19 10:51:54 +02:00
bui
c89b42939e
naming
2023-10-18 17:17:57 +02:00
bui
98fb84d3e7
be consistent : waap-rules
2023-10-18 17:11:43 +02:00
Sebastien Blot
511468b8fe
up
2023-10-18 13:42:56 +02:00
mmetc
57d3ebba12
typo ( #2556 )
2023-10-18 10:03:02 +02:00
mmetc
be6555e46c
Refact pkg/csconfig, HubCfg ( #2552 )
...
- rename csconfig.Hub -> HubCfg
- move some Load*() functions to NewConfig()
- config.yaml: optional common section
- remove unused working_dir
2023-10-18 09:38:33 +02:00
Laurence Jones
d2d788c5dc
[hubtest] escape scenario assert meta keys ( #2551 )
2023-10-17 15:29:21 +01:00
mmetc
4eae40865e
HubIndex struct, comments, name changes ( #2549 )
...
* pkg/cwhub: rename PARSERS_OVFLW -> POSTOVERFLOWS
* mostly comments, some light cleanup
* move type hubtest.HubIndex -> cwhub.HubIndex
* move and rename LoadPkgIndex -> ParseIndex
* move displaySummary(), skippedLocal, skippedTainted to HubIndex struct
2023-10-17 16:17:37 +02:00
mmetc
325003bb69
Refact cscli item listing, tests ( #2547 )
...
* hub diet; taint tests
* cmd/crowdsec-cli: split utils.go, moved cwhub.GetHubStatusForItemType()
* cscli: refactor hub list commands, fix edge cases
2023-10-17 16:12:41 +02:00
mmetc
f496bd1692
bats: more cscli hub tests ( #2541 )
...
- updated logs and user messages
- added func tests for all the items: install, remove, upgrade, list
- rewritten taint tests for collections
- removed redundant csconfig.LoadPrometheus()
2023-10-17 16:12:41 +02:00
mmetc
a00bae6039
cmd/crowdsec-cli: remove global prometheusURL ( #2542 )
...
* cmd/crowdsec-cli: remove global prometheusURL
* PrometheusUrl now includes the path (/metrics)
2023-10-17 16:12:41 +02:00
mmetc
734ba46e6a
Refact cscli hub/item commands ( #2536 )
...
* log.Fatal -> fmt.Errorf
* lint cmd/crowdsec-cli hub items and split collection commands
* cscli collections: add examples
* cscli parsers: avoid globals
* cscli scenarios: avoid globals
* cscli collections, postoverflows: avoid globals
* cscli hub: avoid globals
* remove unused globals
2023-10-17 16:12:41 +02:00
mmetc
7db5bf8979
pkg/csconfig: set prometheus address:port defaults ( #2533 )
...
We set these default in one place (after loading the configuration)
instead of leaving that to both metric server and consumer.
2023-10-17 16:12:41 +02:00
Thibault "bui" Koechlin
a4dc5053d2
fix null deref in cti calls if key is empty ( #2540 )
...
* fix null deref in cti calls if key is empty
* avoid hardcoded error check
2023-10-17 09:34:53 +01:00
Sebastien Blot
d3bb9f8ae1
up
2023-10-17 09:32:40 +02:00
Laurence Jones
19de3a8a77
Runtime whitelist parsing improvement ( #2422 )
...
* Improve whitelist parsing
* Split whitelist check into a function tied to whitelist, also since we check node debug we can make a pointer to node containing whitelist
* No point passing clog as an argument since it is just a pointer to node we already know about
* We should break instead of returning false, false as it may have been whitelisted by ips/cidrs
* reimplement early return if expr errors
* Fix lint and dont need to parse ip back to string just loop over sources
* Log error with node logger as it provides context
* Move getsource to a function cleanup some code
* Change func name
* Split out compile to a function so we can use in tests. Add a bunch of tests
* spell correction
* Use node logger so it has context
* alternative solution
* quick fixes
* Use containswls
* Change whitelist test to use parseipsource and only events
* Make it simpler
* Postoverflow tests, some basic ones to make sure it works
* Use official pkg
* Add @mmetc reco
* Add @mmetc reco
* Change if if to a switch to only evaluate once
* simplify assertions
---------
Co-authored-by: bui <thibault@crowdsec.net>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-10-16 10:08:57 +01:00
Thibault "bui" Koechlin
3cd4847093
sort map keys when generating asserts ( #2494 )
...
* sort map keys when generating asserts
2023-10-16 09:54:19 +02:00
Laurence Jones
b2a6eb92bf
Dont create 3 maps just pass the same one to expr ( #2421 )
2023-10-13 22:35:30 +01:00
Laurence Jones
f0cda0406b
Load file only once if specified twice, and bail earlier if type is unknown ( #2419 )
2023-10-13 22:34:57 +01:00
Laurence Jones
ff7acd3347
Reset grokky once all patterns are compiled as we do not need to hold them in memory ( #2420 )
2023-10-13 12:53:42 +01:00
mmetc
a6b55f2b5e
cscli config feature-flags: point user to the right location of feature.yaml ( #2539 )
2023-10-13 09:52:51 +02:00
mmetc
3b1563a538
Refact cscli hub / pkg/cwhub (part 6) ( #2524 )
...
* hub.ConfigDir -> hub.InstallDir; hub.DataDir -> hub.InstallDataDir
* cleanup GetInstalledItemsAsString()
* lint: ReferenceMissingError -> ErrMissingReference
* lint: parent_dir -> parentDir
* link: export Walker type
* lint: return error last
* lint: shadow
* move around and group variable definitions
2023-10-09 21:33:35 +02:00
mmetc
0ecb6eefee
add missing scenarios in first login when authenticating with TLS ( #2454 )
...
* refact jwt:Authenticator
* include scenarios in first login request for machines with tlsAuth
* log.Printf -> log.Infof
* errors.Wrap -> fmt.Errorf
* don't override validation error
* fix test
2023-10-09 15:26:38 +02:00
Manuel Sabban
6e228f3f3f
pkg/cwhub: cleanup in argument call ( #2527 )
...
* cleanup in argument call
* update test as well
* cwhub_tests: reduce verbosity and use helpers
---------
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-10-09 13:26:34 +02:00
Laurence Jones
28238cb01f
reverse nil statement instead of else ( #2530 )
2023-10-09 11:36:05 +01:00
Laurence Jones
0dd22e8b93
convert ifelseif to switch ( #2529 )
2023-10-09 11:23:19 +01:00
mmetc
9ae8bd79c5
Refact pkg/csconfig tests ( #2526 )
...
* remove unused method
* whitespace, redundant comments
* use test helpers
* move DumpConsoleConfig() from pkg/csconfig to cscli
* package doc header
* var -> const
* rename ./tests -> ./testdata
* shorter tests with more error checks
* lint/formatting
* use helpers; fix tests that didn't actually test
* lint; rename expectedResult -> expected
2023-10-09 11:10:51 +02:00
blotus
6b5da29e3d
Use a default duration if no duration is provided in a profile ( #2520 )
2023-10-06 14:43:17 +02:00
Thibault "bui" Koechlin
6c20d38c41
lighten bucket logger ( #2523 )
2023-10-06 14:42:44 +02:00
mmetc
338141f067
Refact cscli hub / pkg/cwhub (part 5) ( #2521 )
...
* remove unused yaml tags
* cscli/cwhub: deduplicate, remove dead code
* log.Fatal -> fmt.Errorf
* deflate utils.go by moving functions to respective files
* indexOf() -> slices.Index()
* ItemStatus() + toEmoji() -> Item.status()
* Item.versionStatus()
* move getSHA256() to loader.go
2023-10-06 13:59:51 +02:00
mmetc
9235f55c47
Refact pkg/cwhub (part 4) ( #2518 )
...
* generalize function: GetInstalledItems, GetInstalledItemsAsString
* extracted function itemKey, happy path
* review comments / remove redundant; rename file to remove build tags
* remove unused fields in Item struct
* unix build tag
2023-10-05 09:35:03 +02:00
Sebastien Blot
92a3c4b2fb
up
2023-10-04 14:17:21 +02:00
mmetc
61d4ccbfdd
use go 1.21.1 ( #2418 )
...
* use go 1.21.1, require 1.21
* import "slices" from stdlib
* allow codeql to set version number from tags
* codeql: custom WASM build - the automated one can silently fail
2023-10-04 13:01:57 +02:00
mmetc
89028f17cf
Refact pkg/cwhub (part 3) ( #2516 )
...
* removed unused error; comment
* rename loop variables
* happy path
* rename loop variables
* extract function, method
* log.Printf -> log.Infof
* tests -> testdata
from "go help test":
The go tool will ignore a directory named "testdata", making it available
to hold ancillary data needed by the tests.
* align tags
* extract function toEmoji
2023-10-04 12:54:21 +02:00
mmetc
3253b16f0f
Refact pkg/cwhub (part 2) ( #2513 )
...
* remove globals for walker callback
* extract method getItemInfo()
* code dedup, if/else -> switch
* dedent: happy path
* remove target variable
2023-10-04 11:17:35 +02:00
mmetc
d39131d154
Refact pkg/cwhub (part 1) ( #2512 )
...
* wrap errors, whitespace
* remove named return
* reverse CheckSuffix logic, rename function
* drop redundant if/else, happy path
* log.Fatal -> fmt.Errorf
* simplify GetItemMap, AddItem
* var -> const
* removed short-lived vars
* de-duplicate function and reverse logic
2023-10-04 10:34:10 +02:00
Sebastien Blot
dd7fa82543
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
535738b962
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
d3ce4cbf8e
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
d5e0c8a36b
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
7fdd4d04fe
up
2023-10-04 10:25:32 +02:00
Sebastien Blot
ca930cce09
wip
2023-10-04 10:25:32 +02:00
Sebastien Blot
502e21bc5b
wip
2023-10-04 10:25:31 +02:00
mmetc
8b5ad6990d
lint: pkg/cwhub ( #2510 )
...
no functional changes
- reformat
- comments
- whitespace
- removed a dot or two in log messages
- some "var x=y" -> x:=y
2023-10-03 11:20:56 +02:00
mmetc
6dadfcb2ef
refact: simplify hubtest CopyDir() ( #2509 )
2023-10-03 11:17:02 +02:00
mmetc
bfda483c0a
fix issue #2499 - nil dereference while using capi whitelists ( #2501 )
2023-10-02 11:42:17 +02:00
Laurence Jones
b8e6bd8c9a
[Explain] s02 can cause panic if empty ( #2486 )
...
* Add parsers length check as it can panic if enrich is empty
* Lets get smarter and loop backwards to find last successful stage
* Shorten code
---------
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-09-29 12:03:56 +01:00
mmetc
95ed308207
cscli setup: accept stdin; fix proftpd detection test and service unmask ( #2496 )
2023-09-29 12:58:35 +02:00
Thibault "bui" Koechlin
8f6659a2ec
fix the float comparison by using Abs(a,b) < 1e-6 approach (IEEE 754). Move the initialization of expr helpers ( #2492 )
2023-09-28 17:22:00 +02:00
Laurence Jones
37c0c067a8
cscli hubtest whitelist ( #2479 )
...
* Initial tests
* Always print whitelist as we can compare if we mess up the opposite way
2023-09-20 16:42:19 +01:00
Thibault "bui" Koechlin
e4dcdd2572
fix include_capi filter ( #2478 )
2023-09-20 11:56:00 +02:00
mmetc
ac01faf483
strip '=' signs from encoded api keys ( #2472 )
...
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-09-19 14:00:23 +02:00
Thibault "bui" Koechlin
4c08e1e68c
exclude 'lists' too if we exclude CAPI ( #2474 )
2023-09-19 13:56:22 +02:00
mmetc
d5b6f2974b
Avoid sending nil body with metrics ( #2470 )
2023-09-19 13:53:50 +02:00
Laurence Jones
64deeab1ec
Fix PO expr whitelist ( #2471 )
2023-09-19 12:51:03 +01:00
bui
42341222df
up
2023-09-19 08:54:31 +02:00
bui
a8321b5cc5
up
2023-09-14 09:43:22 +02:00
bui
6a47b9e97d
up
2023-09-13 18:03:03 +02:00
bui
7081666199
up
2023-09-13 17:34:53 +02:00
bui
2e60e8021c
up wip
2023-09-13 17:12:09 +02:00
blotus
43ef32aa8d
Kafka acquisition: do not create empty events when a read error occurs ( #2466 )
2023-09-13 13:20:36 +02:00
bui
c435447d8e
up
2023-09-13 10:57:29 +02:00
bui
6930b1e3e5
up
2023-09-13 10:45:06 +02:00
bui
1286efc74f
up
2023-09-12 18:17:58 +02:00
Thibault "bui" Koechlin
0040569fa9
if 'include capi' is false, only exclude capi alerts instead of assuming they necessarily have attached decisions ( #2435 )
2023-09-12 11:19:36 +02:00
mmetc
d45bec4047
minor log message improvements ( #2455 )
2023-09-12 11:04:56 +02:00
bui
5a0b1b72d3
up
2023-09-12 10:42:28 +02:00
bui
1a5799e058
up
2023-09-12 09:45:14 +02:00
Thibault "bui" Koechlin
4e26e23725
Waap config ( #2460 )
...
* revamp wip
2023-09-11 10:35:14 +02:00
bui
24d2c264a7
clarify logging if triggering inband or outofband rules
2023-09-05 17:56:02 +02:00
mmetc
fd94e2c056
refactor alert/decisions insert/update to avoid database locking in bulk operations ( #2446 )
2023-09-04 14:21:45 +02:00
Laurence Jones
aff80a2863
Add html escape function so it can be invoked from template ( #2451 )
2023-09-04 09:49:39 +01:00
alteredCoder
0379574b14
support SSL for waf
2023-08-31 11:07:51 +02:00
mmetc
25868f27de
option db_client.decision_bulk_size ( #2440 )
2023-08-25 17:05:17 +02:00
mmetc
c588be0842
golangci-lint: use v1.54, remove unnecessary byte/string conversions ( #2438 )
2023-08-25 16:22:10 +02:00
alteredCoder
e0bd4dc928
fix linter
2023-08-24 12:11:54 +02:00
mmetc
2aa55e9444
move plugins/notifications/* to cmd/notification-* ( #2429 )
...
This ensures keeping all dependencies in sync, and simplifies
packaging under freebsd/gentoo/etc because there is a single
vendor directory.
2023-08-24 09:46:25 +02:00
mmetc
e36df40ba7
pkg/types cleanup ( #2398 )
...
* move function GetLineCountForFile from pkg/types to cscli
* move ParseDuration from pkg/types to pkg/database
* remove unused types.Profile, types.RemediationProfile
2023-08-24 09:44:46 +02:00
Laurence Jones
86d9384954
Whitelist reason ( #2439 )
...
* Update node.go
Dont update whitelist reason if event is whitelisted
* oops
2023-08-23 14:51:37 +01:00
bui
4846701ed5
logging
2023-08-21 15:34:18 +02:00
mmetc
6a6501691a
change behavior of flag disable_http_retry_backoff ( #2426 )
...
now it does not attempt any retry, instead of attempting all retries
immediately
example: cannot reach LAPI
Before:
$ CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF=true cscli decisions list
ERRO[27-07-2023 10:44:44] error while performing request: dial tcp [::1]:8080: connect: connection refused; 4 retries left
INFO[27-07-2023 10:44:44] retrying in 0 seconds (attempt 2 of 5)
[...]
ERRO[27-07-2023 10:44:44] error while performing request: dial tcp [::1]:8080: connect: connection refused; 1 retries left
INFO[27-07-2023 10:44:44] retrying in 0 seconds (attempt 5 of 5)
ERRO[27-07-2023 10:44:44] error while performing request: dial tcp [::1]:8080: connect: connection refused; 0 retries left
FATA[27-07-2023 10:44:44] Unable to list decisions : performing request: Get "http://localhost:8080/v1/alerts?has_active_decision=true&include_capi=false&limit=100": could not get jwt token: Post "http://localhost:8080/v1/watchers/login": dial tcp [::1]:8080: connect: connection refused
After:
$ CROWDSEC_FEATURE_DISABLE_HTTP_RETRY_BACKOFF=true ./test/local/bin/cscli decisions list
FATA[11-08-2023 16:49:58] unable to retrieve decisions: performing request: Get "http://127.0.0.1:8080/v1/alerts?has_active_decision=true&include_capi=false&limit=100": could not get jwt token: Post "http://127.0.0.1:8080/v1/watchers/login": dial tcp 127.0.0.1:8080: connect: connection refused
2023-08-16 21:04:07 +02:00
mmetc
afeb541eac
apic: minor refactoring ( #2415 )
...
* apic: minor refactoring
* Add whitelist length check
If user configures the file but fails to define an actual whitelist we should check length to save allocs
* Init with length from file
* extract loop method from ApplyApicWhitelists
* pass pointer
* extract loop method updateBlocklist
---------
Co-authored-by: Laurence Jones <laurence.jones@live.co.uk>
2023-08-10 13:03:47 +02:00
Laurence Jones
93c22f29cf
Unmarshal Json ( #2414 )
...
Log the actual line that caused an error to help debugging
2023-08-09 09:42:08 +01:00
Manuel Sabban
d6361d0a40
conditional overflow doesn't overflow on capacity ( #2412 )
...
* conditional overflow doesn't overflow on capacity
* typo
2023-08-08 16:12:50 +01:00
mmetc
cd9d8f309d
CI: increase test sleep to fix flaky acquisition/file test under win ( #2410 )
...
* CI: increase test sleep to attempt fix for flaky windows acquisition/file test
* wip
2023-08-08 16:11:32 +02:00
Laurence Jones
0334a9afe8
Add method name to child logger so we can see which function is erroring when in enrichers ( #2411 )
2023-08-08 13:38:11 +01:00
Sebastien Blot
a4ee1e717e
try re2 for @rx operator
2023-08-02 11:47:35 +02:00
Sebastien Blot
59e3d0dfce
distinct: return empty slice
2023-08-02 11:43:49 +02:00
alteredCoder
885c283097
remove debug
2023-08-01 10:58:36 +02:00
alteredCoder
cbf06c25fb
fix outofband evt generation
2023-08-01 10:34:43 +02:00
alteredCoder
353926ec91
add debug
2023-07-31 18:47:54 +02:00
alteredCoder
4332598cd1
add debug
2023-07-31 18:44:32 +02:00
alteredCoder
51295ef577
fix
2023-07-31 18:39:15 +02:00
alteredCoder
da37b5566d
update
2023-07-31 18:35:35 +02:00
alteredCoder
343d22e7b3
fix rules helpers
2023-07-31 18:29:00 +02:00
Sebastien Blot
711f0474d9
merge from master
2023-07-31 17:05:25 +02:00
Sebastien Blot
dd83bdea6b
revert previous bad merge
2023-07-31 17:00:06 +02:00
alteredCoder
fc8a0ee9d4
update
2023-07-31 15:06:42 +02:00
bui
4a38cb5bbb
logging
2023-07-31 14:47:48 +02:00
bui
e4e2bb5504
switch to properly compiled regexp to be able to bail out early
2023-07-31 14:45:21 +02:00
bui
a7cd86f725
allow to select what variables should be tracked
2023-07-31 12:15:04 +02:00
Laurence Jones
a18df9c3bb
Add bouncers prune command ( #2379 )
...
* Add bouncers prune command
* No point overloading functions
* Add prune to list of commands
* change all short desc to be similar, and made it really really clear when pruning it is not recoverable
* Dont use log. and dont return error on user input to abort
2023-07-28 15:37:39 +01:00
mmetc
ffadd42779
update dependency on go-cs-lib; drop the pkg/ part ( #2393 )
2023-07-28 16:35:08 +02:00
Laurence Jones
55247cd46a
Add machines prune command ( #2011 )
...
* Add machines prune command
* Fix scope variable for naming scheme
* Add some freshness and add new features
* Fix force and fix duration if less than 60
* Allow duration to be more readable
* Fix description
* Improve func wording and make int machines length
* No point overloading functions
* Add prune to list of commands
* Check if GID is already the group if so no need to chown
* Revert "Check if GID is already the group if so no need to chown"
This reverts commit c7cef1773e.
* change all short desc to be similar, and made it really really clear when pruning it is not recoverable
* Better examples
* Match bouncer like for like
* Fix merge error
* Dont use log. and dont return error on user input to abort
2023-07-28 15:23:47 +01:00
mmetc
ae53c0f1cc
fix "crowdsec-cli/require" log verbosity ( #2390 )
2023-07-28 09:56:20 +02:00
Thibault "bui" Koechlin
718721b341
fix a confusing debug message ( #2386 )
...
* fix a confusing debug message
* make CTIHelper simply log the error to avoid failing template rendering
2023-07-28 09:52:21 +02:00
mmetc
5cb7013575
Check cscli preconditions with crowdsec-cli/require package ( #2388 )
2023-07-27 17:02:20 +02:00
Sebastien Blot
dd5e38a2c5
expose internal coraza vars in evt.Waap
2023-07-27 10:01:56 +02:00
Sebastien Blot
2f5a6fbb4f
wip
2023-07-27 09:22:26 +02:00
Sebastien Blot
f7e098047f
waf_rules -> waf-rules
2023-07-27 09:22:26 +02:00
Sebastien Blot
792961d757
wip
2023-07-27 09:22:26 +02:00
Sebastien Blot
01ced8fb99
merge
2023-07-27 09:22:26 +02:00
alteredCoder
4993758b36
handle missing headers
2023-07-26 12:47:16 +02:00
mmetc
a01ce18b98
replace imports of path with path/filepath ( #2330 )
2023-07-26 10:29:58 +02:00
alteredCoder
c17b103f06
take method from header
2023-07-25 15:24:36 +02:00
Laurence Jones
389ea4293f
Add metabase version override and update ( #2370 )
...
* Add version override and update
* Ooppsie
* Quick fix
* fgs copilot
* Allow user to overwrite image, add warning for exposing metabase and general cleanup
* One ix
* Default image if not found in config, and add a warning to remove and update
* Reorder check system memory checks so it inline with @mmetc best practices
* No need for err
* Clean up some group code
* Change ipv6 as [] seems to wildcard
* Split loopback warn and disclaimer. Add force yes to start to allow user to accept disclaimer by default
* All cmd commands are RunE clean up
* Update flag name and dont allow a shorthand
2023-07-25 14:21:25 +01:00
mmetc
395cace69f
fix double push of metrics by properly handling tickers ( #2374 )
2023-07-25 12:19:26 +02:00
blotus
7106d396dc
expose the FormatAlert function to other packages ( #2248 )
2023-07-25 09:55:39 +02:00
AlteredCoder
b52b4252c1
scenario labels to map string interface ( #2201 )
...
* labels are now map string interface
* restore api url
---------
Co-authored-by: Laurence Jones <laurence.jones@live.co.uk>
2023-07-24 15:19:28 +02:00
mmetc
46fff0b544
Update dependency: docker/docker ( #2360 )
2023-07-24 11:53:33 +02:00
mmetc
b6b6fd026b
typo fix, uppercase 'API', adjusted log level ( #2361 )
2023-07-21 23:23:24 +02:00
bui
a326ffbb1e
add distinct
2023-07-20 17:30:58 +02:00
bui
b33ba277bf
add flatten to manipulate arrays of arrays
2023-07-20 17:10:01 +02:00
bui
54fd2e4e70
fixed
2023-07-20 16:47:07 +02:00
Manuel Sabban
9ac5aeda79
fix the ci by adding the ability to enforce event ordering ( #2347 )
...
* fix the ci by adding the ability to enforce event ordering
2023-07-20 11:41:30 +02:00
alteredCoder
779ea2e262
fix
2023-07-19 18:19:14 +02:00
alteredCoder
472f40b9d4
fix
2023-07-19 18:18:24 +02:00
alteredCoder
ab2c152627
reduce verbosity
2023-07-19 14:39:57 +02:00
alteredCoder
7d8c931d00
add loggers
2023-07-19 14:35:02 +02:00
alteredCoder
8ba692b115
debug
2023-07-19 12:02:38 +02:00
alteredCoder
cd5cb55a7e
debug
2023-07-19 11:57:14 +02:00
alteredCoder
d946286e5c
remove spew
2023-07-19 11:50:42 +02:00
alteredCoder
e543523ba3
update ban remediation
2023-07-19 10:34:22 +02:00
bui
f7eaefa518
up
2023-07-18 18:12:17 +02:00
Sebastien Blot
ef4fe8f5d3
merge
2023-07-13 16:22:21 +02:00
blotus
57547c32c9
Aggregate WAF rules into a single event ( #2350 )
2023-07-13 16:20:04 +02:00
bui
a6ba0e869c
imp logging
2023-07-11 09:29:17 +02:00
bui
8baeb70998
add metrics
2023-07-10 18:00:19 +02:00
blotus
f9ca14f010
add object key in src for S3 acquis ( #2342 )
2023-07-07 10:09:18 +02:00
blotus
1295de928a
Properly match new files on windows when doing file acquisition ( #2329 )
2023-07-06 14:45:38 +02:00
mmetc
c10bca93df
update dependencies on go-plugin and go-hclog ( #2341 )
...
* update dependencies on go-plugin and go-hclog
* bump logrus (panic fix)
* implement HCLogAdapter.Getleve() to satisfy the new interface
2023-07-06 12:01:07 +02:00
mmetc
9967d60987
errors.Wrap -> fmt.Errorf ( #2333 )
2023-07-06 10:14:45 +02:00
alteredCoder
84b6570554
Revert "Merge remote-tracking branch 'origin' into coraza_poc_acquis"
...
This reverts commit 7098e971c7, reversing changes made to 13512891e4.
2023-07-04 18:46:20 +02:00
alteredCoder
7098e971c7
Merge remote-tracking branch 'origin' into coraza_poc_acquis
2023-07-04 17:42:39 +02:00
alteredCoder
13512891e4
add waf_routines
2023-07-04 17:36:56 +02:00
mmetc
17cd792826
CI: update ansible tests for re2 ( #2318 )
2023-06-29 16:35:19 +02:00
mmetc
bd41f855cf
errors.Wrap -> fmt.Errorf ( #2317 )
2023-06-29 11:34:59 +02:00
blotus
e61d5a3034
rename status to state in fire response ( #2313 )
2023-06-29 11:06:49 +02:00
mmetc
893394ef5f
rename metabase APIClient to avoid confusion ( #2305 )
2023-06-27 15:07:16 +02:00
mmetc
e404e0b608
raise error with invalid 'on_success', 'on_failure' in profile ( #2303 )
2023-06-27 15:03:07 +02:00
mmetc
85839b0199
support for stdin with "cscli decision import" and raw values ( #2291 )
...
and remove Origin from the struct, which was ignored anyway
2023-06-27 14:29:42 +02:00
mmetc
a910b7beca
non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) ( #2309 )
...
This on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.
2023-06-27 10:13:13 +02:00
mmetc
507da49b5a
send metrics immediately if agents are added or removed ( #2296 )
2023-06-23 14:06:04 +02:00
mmetc
9beb5388cb
errors.Wrap -> fmt.Errorf; clean up imports ( #2301 )
2023-06-23 14:04:58 +02:00
mmetc
e42841cd00
Change api_key encoding to base64 to comply with bcrypt max size ( #2302 )
2023-06-23 13:54:36 +02:00
mmetc
62caffb102
update leakybucket readme ( #2298 )
2023-06-22 15:35:01 +02:00
mmetc
fddf597040
errors.Wrap -> fmt.Errorf; clean up imports ( #2297 )
2023-06-22 15:01:34 +02:00
mmetc
8bfeb7d90d
Update go dependencies ( #2293 )
...
- update fatih/color (fix windows issue)
- update mongo-driver (fix build issue)
- go.mod: merge two "require" blocks
- update semver dependency (same version as indirect dep), fix test checks in cscli setup
- remove gotest.tools dependency (use testify, cstest)
- update x/ exp, mod, sys dependencies
2023-06-22 11:31:41 +02:00
Emanuel Seemann
40e6b205bc
Add bayesian bucket type ( #2290 )
2023-06-21 15:08:27 +02:00
mmetc
da6106bd23
spellcheck/style leakybucket readme ( #2294 )
2023-06-21 11:47:07 +02:00
mmetc
f7409d47be
fix error message when failing to parse ip address ( #2292 )
...
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-06-21 09:22:25 +02:00
Laurence Jones
2c8769adf6
Update jsonextract.go ( #2287 )
...
Return nil instead of empty string as ParseKV does the same
2023-06-16 18:34:55 +01:00
Sebastien Blot
3fe6e3be14
check for interruption and ignore empty messages
2023-06-16 16:52:01 +02:00
alteredCoder
877d4fc32d
update
2023-06-16 14:23:53 +02:00
alteredCoder
07b60233db
update waf
2023-06-16 12:19:44 +02:00
Sebastien Blot
9180ac7be9
wip
2023-06-15 22:51:57 +02:00
Sebastien Blot
805752dc62
wip
2023-06-13 17:08:48 +02:00
alteredCoder
40f65de7b9
optim
2023-06-13 16:31:30 +02:00