Here is the cscli alerts inspect:
cscli alerts inspect
- Date: 2024-01-23 09:07:07 -0500 -0500
╭─────────────────┬────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ Key             │ Value                                                                                              │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ ASNNumber       │ 7922                                                                                               │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ ASNOrg          │ REDACTED-7922                                                                                      │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ IsInEU          │ false                                                                                              │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ IsoCode         │ US                                                                                                 │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ SourceRange     │ REDACTED                                                                                           │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ datasource_path │ /var/log/nginx/access.log                                                                          │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ datasource_type │ file                                                                                               │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ http_args_len   │ 5                                                                                                  │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ http_path       │ /remote.php/dav/addressbooks/users/REDACTED/z-server-generated--system/Database:REDACTED.vcf?photo │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ http_status     │ 200                                                                                                │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ http_user_agent │ Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0                             │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ http_verb       │ GET                                                                                                │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ log_type        │ http_access-log                                                                                    │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ service         │ http                                                                                               │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ source_ip       │ REDACTED                                                                                           │
├─────────────────┼────────────────────────────────────────────────────────────────────────────────────────────────────┤
│ timestamp       │ 2024-01-23T09:07:07-05:00                                                                          │
╰─────────────────┴────────────────────────────────────────────────────────────────────────────────────────────────────╯

$ cscli collections list
COLLECTIONS
──────────────────────────────────────────────────────────────────────────────────────────────────────────────
Name 📦 Status Version Local Path
──────────────────────────────────────────────────────────────────────────────────────────────────────────────
crowdsecurity/base-http-scenarios ✔️ enabled 0.8 /etc/crowdsec/collections/base-http-scenarios.yaml
crowdsecurity/http-cve ✔️ enabled 2.5 /etc/crowdsec/collections/http-cve.yaml
crowdsecurity/linux ✔️ enabled 0.2 /etc/crowdsec/collections/linux.yaml
crowdsecurity/nginx ✔️ enabled 0.2 /etc/crowdsec/collections/nginx.yaml
crowdsecurity/sshd ✔️ enabled 0.3 /etc/crowdsec/collections/sshd.yaml
──────────────────────────────────────────────────────────────────────────────────────────────────────────────

$ cscli bouncers list
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Name IP Address Valid Last API pull Type Version Auth Type
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
cs-firewall-bouncer-1696772033 127.0.0.1 ✔️ 2024-01-23T14:26:17Z crowdsec-firewall-bouncer v0.0.28-debian-pragmatic-af6e7e25822c2b1a02168b99ebbf8458bc6728e5 api-key
nginx-1696772050 127.0.0.1 ✔️ 2024-01-23T14:26:20Z crowdsec-nginx-bouncer v1.0.4 api-key
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

$ cscli parsers list
PARSERS
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Name 📦 Status Version Local Path
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
crowdsecurity/dateparse-enrich ✔️ enabled 0.2 /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
crowdsecurity/geoip-enrich ✔️ enabled 0.2 /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
crowdsecurity/http-logs ✔️ enabled 1.2 /etc/crowdsec/parsers/s02-enrich/http-logs.yaml
crowdsecurity/nextcloud-whitelist ✔️ enabled 0.7 /etc/crowdsec/parsers/s02-enrich/nextcloud-whitelist.yaml
crowdsecurity/nginx-logs ✔️ enabled 1.5 /etc/crowdsec/parsers/s01-parse/nginx-logs.yaml
crowdsecurity/sshd-logs ✔️ enabled 2.2 /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
crowdsecurity/syslog-logs ✔️ enabled 0.8 /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
crowdsecurity/whitelists ✔️ enabled 0.2 /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

$ cscli scenarios list
SCENARIOS
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Name 📦 Status Version Local Path
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
crowdsecurity/CVE-2019-18935 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2019-18935.yaml
crowdsecurity/CVE-2022-26134 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2022-26134.yaml
crowdsecurity/CVE-2022-35914 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2022-35914.yaml
crowdsecurity/CVE-2022-37042 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2022-37042.yaml
crowdsecurity/CVE-2022-40684 ✔️ enabled 0.3 /etc/crowdsec/scenarios/CVE-2022-40684.yaml
crowdsecurity/CVE-2022-41082 ✔️ enabled 0.4 /etc/crowdsec/scenarios/CVE-2022-41082.yaml
crowdsecurity/CVE-2022-41697 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2022-41697.yaml
crowdsecurity/CVE-2022-42889 ✔️ enabled 0.3 /etc/crowdsec/scenarios/CVE-2022-42889.yaml
crowdsecurity/CVE-2022-44877 ✔️ enabled 0.3 /etc/crowdsec/scenarios/CVE-2022-44877.yaml
crowdsecurity/CVE-2022-46169 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2022-46169.yaml
crowdsecurity/CVE-2023-22515 ✔️ enabled 0.1 /etc/crowdsec/scenarios/CVE-2023-22515.yaml
crowdsecurity/CVE-2023-22518 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2023-22518.yaml
crowdsecurity/CVE-2023-49103 ✔️ enabled 0.2 /etc/crowdsec/scenarios/CVE-2023-49103.yaml
crowdsecurity/apache_log4j2_cve-2021-44228 ✔️ enabled 0.5 /etc/crowdsec/scenarios/apache_log4j2_cve-2021-44228.yaml
crowdsecurity/f5-big-ip-cve-2020-5902 ✔️ enabled 0.2 /etc/crowdsec/scenarios/f5-big-ip-cve-2020-5902.yaml
crowdsecurity/fortinet-cve-2018-13379 ✔️ enabled 0.3 /etc/crowdsec/scenarios/fortinet-cve-2018-13379.yaml
crowdsecurity/grafana-cve-2021-43798 ✔️ enabled 0.2 /etc/crowdsec/scenarios/grafana-cve-2021-43798.yaml
crowdsecurity/http-admin-interface-probing ✔️ enabled 0.2 /etc/crowdsec/scenarios/http-admin-interface-probing.yaml
crowdsecurity/http-backdoors-attempts ✔️ enabled 0.4 /etc/crowdsec/scenarios/http-backdoors-attempts.yaml
crowdsecurity/http-bad-user-agent ✔️ enabled 0.9 /etc/crowdsec/scenarios/http-bad-user-agent.yaml
crowdsecurity/http-crawl-non_statics ✔️ enabled 0.4 /etc/crowdsec/scenarios/http-crawl-non_statics.yaml
crowdsecurity/http-cve-2021-41773 ✔️ enabled 0.2 /etc/crowdsec/scenarios/http-cve-2021-41773.yaml
crowdsecurity/http-cve-2021-42013 ✔️ enabled 0.2 /etc/crowdsec/scenarios/http-cve-2021-42013.yaml
crowdsecurity/http-generic-bf ✔️ enabled 0.5 /etc/crowdsec/scenarios/http-generic-bf.yaml
crowdsecurity/http-open-proxy ✔️ enabled 0.4 /etc/crowdsec/scenarios/http-open-proxy.yaml
crowdsecurity/http-path-traversal-probing ✔️ enabled 0.3 /etc/crowdsec/scenarios/http-path-traversal-probing.yaml
crowdsecurity/http-probing ✔️ enabled 0.3 /etc/crowdsec/scenarios/http-probing.yaml
crowdsecurity/http-sensitive-files ✔️ enabled 0.3 /etc/crowdsec/scenarios/http-sensitive-files.yaml
crowdsecurity/http-sqli-probing ✔️ enabled 0.3 /etc/crowdsec/scenarios/http-sqli-probing.yaml
crowdsecurity/http-xss-probing ✔️ enabled 0.3 /etc/crowdsec/scenarios/http-xss-probing.yaml
crowdsecurity/jira_cve-2021-26086 ✔️ enabled 0.2 /etc/crowdsec/scenarios/jira_cve-2021-26086.yaml
crowdsecurity/netgear_rce ✔️ enabled 0.3 /etc/crowdsec/scenarios/netgear_rce.yaml
crowdsecurity/nginx-req-limit-exceeded ✔️ enabled 0.3 /etc/crowdsec/scenarios/nginx-req-limit-exceeded.yaml
crowdsecurity/pulse-secure-sslvpn-cve-2019-11510 ✔️ enabled 0.3 /etc/crowdsec/scenarios/pulse-secure-sslvpn-cve-2019-11510.yaml
crowdsecurity/spring4shell_cve-2022-22965 ✔️ enabled 0.3 /etc/crowdsec/scenarios/spring4shell_cve-2022-22965.yaml
crowdsecurity/ssh-bf ✔️ enabled 0.3 /etc/crowdsec/scenarios/ssh-bf.yaml
crowdsecurity/ssh-slow-bf ✔️ enabled 0.4 /etc/crowdsec/scenarios/ssh-slow-bf.yaml
crowdsecurity/thinkphp-cve-2018-20062 ✔️ enabled 0.4 /etc/crowdsec/scenarios/thinkphp-cve-2018-20062.yaml
crowdsecurity/vmware-cve-2022-22954 ✔️ enabled 0.3 /etc/crowdsec/scenarios/vmware-cve-2022-22954.yaml
crowdsecurity/vmware-vcenter-vmsa-2021-0027 ✔️ enabled 0.2 /etc/crowdsec/scenarios/vmware-vcenter-vmsa-2021-0027.yaml
ltsich/http-w00tw00t ✔️ enabled 0.2 /etc/crowdsec/scenarios/http-w00tw00t.yaml
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

$ cscli version
2024/01/23 09:30:31 version: v1.5.5-debian-pragmatic-amd64-d2d788c5dc0a9e387635276623c6781774a9dfd4
2024/01/23 09:30:31 Codename: alphaga
2024/01/23 09:30:31 BuildDate: 2023-10-24_08:03:17
2024/01/23 09:30:31 GoVersion: 1.21.3
2024/01/23 09:30:31 Platform: linux
2024/01/23 09:30:31 libre2: C++
2024/01/23 09:30:31 Constraint_parser: >= 1.0, <= 2.0
2024/01/23 09:30:31 Constraint_scenario: >= 1.0, < 3.0
2024/01/23 09:30:31 Constraint_api: v1
2024/01/23 09:30:31 Constraint_acquis: >= 1.0, < 2.0