Commit graph

52 commits

Author SHA1 Message Date
Thibault "bui" Koechlin
e4dcdd2572
fix include_capi filter (#2478) 2023-09-20 11:56:00 +02:00
Thibault "bui" Koechlin
4c08e1e68c
exclude 'lists' too if we exclude CAPI (#2474) 2023-09-19 13:56:22 +02:00
Thibault "bui" Koechlin
0040569fa9
if 'include capi' is false, only exclude capi alerts instead of assuming they necessarily have attached decisions (#2435) 2023-09-12 11:19:36 +02:00
mmetc
d45bec4047
minor log message improvements (#2455) 2023-09-12 11:04:56 +02:00
mmetc
fd94e2c056
refactor alert/decisions insert/update to avoid database locking in bulk operations (#2446) 2023-09-04 14:21:45 +02:00
mmetc
25868f27de
option db_client.decision_bulk_size (#2440) 2023-08-25 17:05:17 +02:00
mmetc
e36df40ba7
pkg/types cleanup (#2398)
* move function GetLineCountForFile from pkg/types to cscli
* move ParseDuration from pkg/types to pkg/database
* remove unused types.Profile, types.RemediationProfile
2023-08-24 09:44:46 +02:00
mmetc
9967d60987
errors.Wrap -> fmt.Errorf (#2333) 2023-07-06 10:14:45 +02:00
mmetc
85839b0199
support for stdin with "cscli decision import" and raw values (#2291)
and remove Origin from the struct, which was ignored anyway
2023-06-27 14:29:42 +02:00
mmetc
8bfeb7d90d
Update go dependencies (#2293)
- update fatih/color (fix windows issue)
- update mongo-driver (fix build issue)
- go.mod: merge two "require" blocks
- update semver dependency (same version as indirect dep), fix test checks in cscli setup
- remove gotest.tools dependency (use testify, cstest)
- update x/ exp, mod, sys dependencies
2023-06-22 11:31:41 +02:00
mmetc
f7409d47be
fix error message when failing to parse ip address (#2292)
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-06-21 09:22:25 +02:00
Thibault "bui" Koechlin
8f71edaadd
do not error on this filter (#2182) 2023-05-04 13:06:15 +02:00
Thibault "bui" Koechlin
3041023ed8
add an optional flag to disable the fetch (#2169) 2023-04-14 11:39:16 +02:00
mmetc
20a1bc7d44
chore: simplify pkg/database/alerts (#2062) 2023-02-23 10:25:01 +01:00
mmetc
76ea3a063f
fix message "empty scenario" 2023-02-21 09:59:56 +01:00
Cristian Nitescu
987f119c4b
v3 capi and blocklists links support (#2019)
* v3 model generation

* v3 model generation

* comms

* fixes after master merge

* missing reader close

* use constants defined for types

---------

Co-authored-by: bui <thibault@crowdsec.net>
2023-02-06 14:06:14 +01:00
Thibault "bui" Koechlin
e927717fa0
Polling API Integration (#1715)
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2023-01-31 14:47:44 +01:00
blotus
b7c4bfd4e3
Use explicit transaction when inserting community blocklist (#1835) 2022-10-26 10:48:17 +02:00
blotus
bb2f0e938f
Blocklist: Do not duplicate decisions when pulling (#1796) 2022-10-19 15:51:40 +02:00
Thibault "bui" Koechlin
ae6bf39495
support decisions deletion via scenario + alerts delete via ID (#1798) 2022-10-19 14:37:27 +02:00
Shivam Sandbhor
74659a82ab
Fast bulk alert delete (#1791) 2022-10-07 12:40:30 +02:00
mmetc
9b3be5c2e8
Bulk delete alert optimization (#1782) 2022-10-05 17:07:44 +02:00
AlteredCoder
02e0f3c095
Fix event.timestamp pointer usage (#1621)
* Fix event.timestamp pointer usage

* avoid returning an error when creating alerts if something goes wrong during the parsing

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2022-06-30 17:35:42 +02:00
Thibault "bui" Koechlin
15902dcba6
fix #1615 : cleanup based on heartbeat instead (#1617) 2022-06-29 13:21:58 +02:00
mmetc
628d7be1d8
simplify err.Error() to err when used in printf context (#1603) 2022-06-22 15:53:53 +02:00
he2ss
3d6f015211
Add duration expr to add duration formula (#1556)
* add duration expr to add duration formula
2022-06-22 11:29:52 +02:00
Thibault "bui" Koechlin
a6ed08b239
Add alerts and decisions metrics, LAPI and agent timing prom metrics (#1546) 2022-06-22 11:14:34 +02:00
mmetc
d71279f023
added flag crowdsec --warning (#1461) 2022-06-22 09:38:23 +02:00
mmetc
10585bfecc
enabled linters and fixes for: misspell, predeclared, unconvert, ineffassign, gosimple, govet (#1595) 2022-06-16 14:41:54 +02:00
blotus
9c1b78395a
reduce verbosity of TLS auth and FlushAgentsAndBouncers (#1588) 2022-06-13 16:08:00 +02:00
Thibault "bui" Koechlin
1c0fe09576
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 16:05:52 +02:00
he2ss
e88e9946f9
Crowdsec/decisions_stream bug fix (#1517)
* Fix bug when stream interval is greater or equal to 60s

Co-authored-by: alteredCoder <kevin@crowdsec.net>
2022-05-27 15:23:59 +02:00
AlteredCoder
a645c928d4
Fix decisions list with --no-simu flag (#1482)
* Fix decisions list with --no-simu flag
2022-04-27 11:05:40 +02:00
mmetc
4b9a0c4ef7
typos (#1453) 2022-04-19 11:25:27 +02:00
mmetc
7c0593c659
noop code removal, typos and lint fixes (#1329) 2022-03-09 16:15:18 +01:00
Thibault "bui" Koechlin
cc1ab8c50d
switch to utc time everywhere (#1167)
* switch to utc time everywhere


Co-authored-by: alteredCoder <kevin@crowdsec.net>
2022-01-19 14:56:05 +01:00
AlteredCoder
b1a7ffb92f
fix postgreSQL count fail (#1184) 2022-01-19 14:50:53 +01:00
Thibault "bui" Koechlin
3bca25fd6d
lists support from central api (#1074)
* lists support from central api

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2022-01-11 14:31:51 +01:00
AlteredCoder
d913ac160e
fix create alert bulk for decisions insertion (#1107)
* fix create alert bulk for decisions insertion
2021-12-16 18:26:19 +01:00
AlteredCoder
88d06260d7
add cscli decisions import (#1038)
* add cscli decisions import

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: bui <thibault@crowdsec.net>
2021-12-15 11:39:37 +01:00
blotus
dd03d07355
optimize the flush function by deleting alerts based on their id (#1054) 2021-11-17 10:15:38 +01:00
AlteredCoder
fb54388e93
Fix issue 1033 (#1034)
* Fix issue 1033
2021-11-02 12:16:33 +01:00
blotus
25a2d528b0
Alerts flush: Optimization of the flush mechanism (batch and limit to one job) + add cscli alerts flush command (#1024)
- Don't allow running more than one alert flush job at a time to prevent runaway CPU usage in some case. (fix High CPU after Upgrade to 1.2.0 #1022)
 - Add a cscli alerts flush command to manually flush the alerts in the database (fixes Improvement/Manual flush mechanism #1023 ).
 - Enable cascading deletion on alerts as we upgraded ent: Deleting an alert in the database will automatically delete all related decisions, events and meta
 - Add an index on alerts.id to try to improve flush performance with very big sqlite database.
- Flush alert now operates in batch
2021-10-26 13:33:45 +02:00
Thibault "bui" Koechlin
589cb72d41
enforce a bit more parsing for resillience (#928) 2021-09-02 12:34:20 +02:00
Thibault "bui" Koechlin
c188d401a3
Improve CAPI pull management (#871)
* prepare for new consensus : thousands of ips

Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2021-08-25 11:45:29 +02:00
Thibault "bui" Koechlin
fc7369c4ea
Fix big serialized entries (#877)
* bump serialized to 8k

* handle oversized serialized entry : progressively strip its size down
2021-08-03 15:46:10 +02:00
Thibault "bui" Koechlin
f881510f79
delete orphan nodes (fix #778) (#794)
* delete orphan nodes (for #778 and partially #781)

* and do it as well for decisions
2021-05-17 11:45:01 +02:00
AlteredCoder
c1abf69979
fix #677 (#684) 2021-03-12 15:10:56 +01:00
AlteredCoder
5544000d38
lapi: fix ipv6 operations (#567) 2021-01-14 16:27:45 +01:00
Thibault "bui" Koechlin
2e76097d35
Fix overflows of overflows requesting for different decision scope (#499) 2020-12-02 17:15:48 +01:00