GalaxyData Community

Crowdsec List decisions from LAPI

Crowdsec provides a security solution for protecting your servers, applications, and networks from a wide range of cyber threats. Its features let you detect and block malicious traffic in real time, drawing on crowd-sourced intelligence and a range of decision-making algorithms.

One of the key features of Crowdsec is its ability to make decisions based on crowd-sourced intelligence. This means that, rather than relying solely on its own internal data sources, Crowdsec can tap into data from a wide range of sources around the world, including other users of the platform and public data sources.

Crowdsec’s List decisions from LAPI feature provides an efficient way

[root@zodiac-u8-dedic ~]# cscli decisions list
│  ID   │  Source  │   Scope:Value    │          Reason           │ Action │ Country │      AS       │ Events │    expiration    │ Alert ID │
│ 14990 │ crowdsec │ Ip: │ crowdsecurity/ssh-slow-bf │ ban    │ CN      │ 4134 Chinanet │ 11     │ 3h57m5.4215347s  │ 4        │
│ 1     │ crowdsec │ Ip: │ crowdsecurity/ssh-bf      │ ban    │ CN      │ 4134 Chinanet │ 7      │ 3h53m30.4675242s │ 1        │
1 duplicated entries skipped
[root@zodiac-u8-dedic ~]# cscli alerts inspect -d 5
FATA[08-02-2023 11:01:19] can't find alert with id 5: API error: object not found
[root@zodiac-u8-dedic ~]# cscli alerts inspect -d 1


 - ID         : 1
 - Date       : 2023-02-08T15:54:37Z
 - Machine    : 5869b8362778408f83935b13887c3f5dAwipi2nes2GdrLyu
 - Simulation : false
 - Reason     : crowdsecurity/ssh-bf
 - Events Count : 7
 - Scope:Value: Ip:
 - Country    : CN
 - AS         : Chinanet
 - Begin      : 2023-02-08 15:54:19.223959266 +0000 UTC
 - End        : 2023-02-08 15:54:36.759955939 +0000 UTC

 - Active Decisions  :
│ ID │   scope:value    │ action │    expiration    │      created_at      │
│ 1  │ Ip: │ ban    │ 3h53m15.0865461s │ 2023-02-08T15:54:37Z │

 - Events  :

- Date: 2023-02-08 10:54:20 +0000 UTC
│       Key       │        Value         │
│ ASNNumber       │ 4134                 │
│ ASNOrg          │ Chinanet             │
│ IsInEU          │ false                │
│ IsoCode         │ CN                   │
│ SourceRange     │      │
│ datasource_path │ /var/log/secure      │
│ datasource_type │ file                 │
│ log_type        │ ssh_failed-auth      │
│ machine         │ zodiac-u8-dedic      │
│ service         │ ssh                  │
│ source_ip       │        │
│ target_user     │ root                 │
│ timestamp       │ 2023-02-08T10:54:20Z │

- Date: 2023-02-08 10:54:22 +0000 UTC
│       Key       │        Value         │
│ ASNNumber       │ 4134                 │
│ ASNOrg          │ Chinanet             │
│ IsInEU          │ false                │
│ IsoCode         │ CN                   │
│ SourceRange     │      │
│ datasource_path │ /var/log/secure      │
│ datasource_type │ file                 │
│ log_type        │ ssh_failed-auth      │
│ machine         │ zodiac-u8-dedic      │
│ service         │ ssh                  │
│ source_ip       │        │
│ target_user     │ root                 │
│ timestamp       │ 2023-02-08T10:54:22Z │

- Date: 2023-02-08 10:54:25 +0000 UTC
│       Key       │        Value         │
│ ASNNumber       │ 4134                 │
│ ASNOrg          │ Chinanet             │
│ IsInEU          │ false                │
│ IsoCode         │ CN                   │
│ SourceRange     │      │
│ datasource_path │ /var/log/secure      │
│ datasource_type │ file                 │
│ log_type        │ ssh_failed-auth      │
│ machine         │ zodiac-u8-dedic      │
│ service         │ ssh                  │
│ source_ip       │        │
│ target_user     │ root                 │
│ timestamp       │ 2023-02-08T10:54:25Z │

- Date: 2023-02-08 10:54:32 +0000 UTC
│       Key       │        Value         │
│ ASNNumber       │ 4134                 │
│ ASNOrg          │ Chinanet             │
│ IsInEU          │ false                │
│ IsoCode         │ CN                   │
│ SourceRange     │      │
│ datasource_path │ /var/log/secure      │
│ datasource_type │ file                 │
│ log_type        │ ssh_failed-auth      │
│ machine         │ zodiac-u8-dedic      │
│ service         │ ssh                  │
│ source_ip       │        │
│ target_user     │ root                 │
│ timestamp       │ 2023-02-08T10:54:32Z │

- Date: 2023-02-08 10:54:34 +0000 UTC
│       Key       │        Value         │
│ ASNNumber       │ 4134                 │
│ ASNOrg          │ Chinanet             │
│ IsInEU          │ false                │
│ IsoCode         │ CN                   │
│ SourceRange     │      │
│ datasource_path │ /var/log/secure      │
│ datasource_type │ file                 │
│ log_type        │ ssh_failed-auth      │
│ machine         │ zodiac-u8-dedic      │
│ service         │ ssh                  │
│ source_ip       │        │
│ target_user     │ root                 │
│ timestamp       │ 2023-02-08T10:54:34Z │

- Date: 2023-02-08 10:54:36 +0000 UTC
│       Key       │        Value         │
│ ASNNumber       │ 4134                 │
│ ASNOrg          │ Chinanet             │
│ IsInEU          │ false                │
│ IsoCode         │ CN                   │
│ SourceRange     │      │
│ datasource_path │ /var/log/secure      │
│ datasource_type │ file                 │
│ log_type        │ ssh_failed-auth      │
│ machine         │ zodiac-u8-dedic      │
│ service         │ ssh                  │
│ source_ip       │        │
│ target_user     │ root                 │
│ timestamp       │ 2023-02-08T10:54:36Z │

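The session above also shows why `cscli alerts inspect -d 5` fails: the `ID` column of `cscli decisions list` is the decision id, while `cscli alerts inspect` takes the `Alert ID` column (4 and 1 here). The following Python script is an added example, not part of the original post or of Crowdsec itself: it resolves decision ids to alert ids and converts the Go-style expiration durations to seconds so decisions can be sorted by remaining ban time. It runs on a constructed JSON sample modelled on the table, with assumed field names and placeholder IPs, in place of real `cscli decisions list -o json` output.

```python
import json
import re

# Constructed sample modelled on the table above: two alerts, one active decision each.
# Field names follow the alert/decision shape cscli's JSON output is assumed to use;
# the IPs are documentation placeholders, not values from the page.
SAMPLE_JSON = """
[
  {"id": 4, "scenario": "crowdsecurity/ssh-slow-bf", "events_count": 11,
   "source": {"scope": "Ip", "value": "203.0.113.10", "cn": "CN", "as_name": "Chinanet"},
   "decisions": [{"id": 14990, "origin": "crowdsec", "type": "ban", "scope": "Ip",
                  "value": "203.0.113.10", "duration": "3h57m5.4215347s"}]},
  {"id": 1, "scenario": "crowdsecurity/ssh-bf", "events_count": 7,
   "source": {"scope": "Ip", "value": "198.51.100.7", "cn": "CN", "as_name": "Chinanet"},
   "decisions": [{"id": 1, "origin": "crowdsec", "type": "ban", "scope": "Ip",
                  "value": "198.51.100.7", "duration": "3h53m30.4675242s"}]}
]
"""

_DURATION = re.compile(r"(?:(\d+)h)?(?:(\d+)m)?(?:(\d+(?:\.\d+)?)s)?")

def load_sample():
    return json.loads(SAMPLE_JSON)

def parse_go_duration(text):
    """Turn a Go-style duration such as '3h57m5.42s' (the expiration column) into seconds."""
    m = _DURATION.fullmatch(text)
    if not m or not any(m.groups()):
        raise ValueError(f"unrecognised duration: {text!r}")
    hours, minutes, seconds = m.groups()
    return int(hours or 0) * 3600 + int(minutes or 0) * 60 + float(seconds or 0)

def alert_id_for(decision_id, alerts):
    """Resolve a decision id (the ID column) to the alert id that
    `cscli alerts inspect` expects; None when no alert carries that decision."""
    lookup = {d["id"]: a["id"] for a in alerts for d in a.get("decisions", [])}
    return lookup.get(decision_id)

def summarise(alerts):
    """One row per active decision, longest remaining ban first."""
    rows = []
    for a in alerts:
        for d in a.get("decisions", []):
            rows.append({"decision_id": d["id"], "alert_id": a["id"], "value": d["value"],
                         "type": d["type"], "scenario": a["scenario"], "events": a["events_count"],
                         "remaining_s": parse_go_duration(d["duration"])})
    return sorted(rows, key=lambda r: r["remaining_s"], reverse=True)

if __name__ == "__main__":
    for r in summarise(load_sample()):
        print(f"decision {r['decision_id']:>6} -> alert {r['alert_id']:>2} | {r['type']} "
              f"{r['value']:<15} {r['scenario']:<27} {r['events']:>2} events, "
              f"{r['remaining_s'] / 3600:.2f} h left")
```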