blotus
61bea26486
Add transform
configuration option for acquisition ( #2144 )
2023-03-29 16:04:17 +02:00
blotus
1095f6c875
use expr.Function for custom functions instead of passing them in the env ( #2133 )
2023-03-28 10:49:01 +02:00
blotus
91eb39cff6
New PAPI commands: reauth + force_pull ( #2129 )
2023-03-21 14:06:19 +01:00
Thibault "bui" Koechlin
a74e424d53
support ip and cidr based whitelists for capi and 3rd party blocklists ( #2132 )
...
* support ip and cidr based whitelists for capi and 3rd party blocklist
2023-03-21 11:50:10 +01:00
AlteredCoder
e61a464951
Fix cscli explain when running from testenv ( #2114 )
...
* Fix cscli explain when running from testenv
2023-03-15 10:26:40 +01:00
mmetc
e161507d08
Lint (type inference): remove redundant type declarations ( #2111 )
2023-03-09 11:56:02 +01:00
mmetc
9faa49c7e8
Load lapi config for config show output
( #2097 )
...
This adds URL and login parameters as it was intended.
Also rewrite configShow and displayOneAlert to use an embedded text/template for shorter code.
2023-03-08 22:47:25 +01:00
Thibault "bui" Koechlin
9d5aaf5ea2
add --origin to cscli decisions delete ( #2109 )
2023-03-08 18:29:20 +01:00
Thibault "bui" Koechlin
5b0fe4b7f1
support for regexps result cache ( #2104 )
...
* support for regexps result cache : gcache + xxhash
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-03-08 16:07:49 +01:00
blotus
16a3be49e2
do not try to load PAPI is url is not set ( #2099 )
2023-03-06 15:38:58 +01:00
blotus
e27a0a0e14
display source in alerts list when an alert has multiple decisions ( #2098 )
2023-03-06 13:51:57 +01:00
blotus
b2c2c5ac59
add papi_url in credentials file when enabling console_management, and remove it when disabling console_management ( #2095 )
2023-03-03 17:03:21 +01:00
blotus
85ab9c68a2
Add cscli papi status
and cscli papi sync
( #2091 )
2023-03-03 13:46:28 +01:00
mmetc
f6d6c5bb2b
Add tests and typo fixes ( #2092 )
2023-03-03 11:06:27 +01:00
mmetc
a6bb2cf5e1
Fix log destination in one-shot mode ( #2084 )
2023-03-01 17:00:04 +01:00
Manuel Sabban
60b3f63851
ugly workaround to fix the tests ( #2080 )
...
* ugly workaround to fix the tests
* add comments
---------
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2023-02-28 17:05:11 +01:00
Manuel Sabban
39a4a256fd
fix the way acquisition is stopped ( #2069 )
...
* fix the way acquisition is stopped by draining inputLineChan before terminating it.
---------
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2023-02-27 11:21:25 +01:00
Laurence Jones
75d8b821ff
Explain successful parsers only ( #2063 )
...
* Add option to filter down explain to successful parsers useful for me who has every collection installed
* Altered naming conventions so it makes more sense when reading
2023-02-24 13:49:17 +00:00
mmetc
b7d1e2c483
replace log.Fatal -> fmt.Errorf ( #2058 )
2023-02-20 15:05:42 +01:00
blotus
83c3818504
Do not try to refresh JWT token when doing a login request ( #2059 )
2023-02-16 16:16:26 +01:00
Thibault "bui" Koechlin
1d7d377f8b
changes following BL tests ( #2038 )
...
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2023-02-08 10:35:21 +01:00
Cristian Nitescu
987f119c4b
v3 capi and blocklists links support ( #2019 )
...
* v3 model generation
* v3 model generation
* comms
* fixes after master merge
* missing reader close
* use constants defined for types
---------
Co-authored-by: bui <thibault@crowdsec.net>
2023-02-06 14:06:14 +01:00
mmetc
b6be18ca65
cscli setup ( #1923 )
...
Detect running services and generate acquisition configuration
2023-02-06 07:33:04 +01:00
Thibault "bui" Koechlin
e927717fa0
Polling API Integration ( #1715 )
...
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2023-01-31 14:47:44 +01:00
mmetc
d369656b26
agent: fix message when -dsn is provided without -type ( #2009 )
2023-01-20 16:14:26 +01:00
mmetc
e5833699c0
cscli config feature-flags ( #2006 )
2023-01-20 09:32:10 +01:00
mmetc
4bffc0df21
break in smaller functions cscli hub, hubtest, notifications, parsers, scenarios, simulation ( #2004 )
2023-01-19 13:29:36 +01:00
mmetc
7bb74b9664
refact cscli decisions ( #2003 )
2023-01-19 11:02:00 +01:00
Thibault "bui" Koechlin
4f29ce2ee7
CTI API Helpers in expr ( #1851 )
...
* Add CTI API helpers in expr
* Allow profiles to have an `on_error` option to profiles
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2023-01-19 08:45:50 +01:00
Marco Mariani
47dbfa770d
configure logging earlier
2023-01-18 15:15:18 +01:00
Marco Mariani
91b0f8fee1
load custom configuration paths when agent is disabled
2023-01-18 15:15:18 +01:00
Marco Mariani
2e91a82aa7
load feature.yaml as soon as possible
2023-01-18 15:15:18 +01:00
Marco Mariani
b603bdfccc
cscli refact: extracted New.*Cmd from alerts, capi, dashboard; removed (some) globals
2023-01-18 11:09:28 +01:00
mmetc
51800132cd
improve feature flag logging ( #1986 )
...
For cscli: it should provide a terse output, not nag users with configuration details. Although it's usually important that cscli and crowdsec have the same enabled features, having it list them every time the command is invoked can be too much.
For crowdsec: when features are set from the environment, it's too early to log where we should. So we can use log.Debug at activation time, and list them again once logging is configured.
- wrap some functions in csconfig for convenience and DRY
- for each enabled feature, log.Debug
- log all enabled features once as Info (crowdsec) or Debug (cscli)
- file does not exist -> log.Trace
2023-01-13 13:42:42 +01:00
mmetc
157589d31e
cscli explain: add crowdsec path option ( #1983 )
2023-01-12 17:04:28 +01:00
Thibault "bui" Koechlin
6fb962a941
Allow parsers to capture data for future enrichment ( #1969 )
...
* Allow parsers to capture data in a cache, that can be later accessed via expr helpers (fake multi-line support)
2023-01-11 15:01:02 +01:00
mmetc
cd4dabde0e
silence yaml.local explicitly in cscli, keep in crowdsec/bouncer logs ( #1981 )
2023-01-11 09:50:46 +01:00
mmetc
c4deaf0994
cscli: avoid initializing the db configuration twice ( #1982 )
2023-01-11 09:50:12 +01:00
AlteredCoder
185f9ad541
Alert context ( #1895 )
...
Co-authored-by: bui <thibault@crowdsec.net>
2023-01-04 16:50:02 +01:00
mmetc
59f6610721
separate cscli cobra constructors: lapi, machines, bouncers, postoverflows ( #1945 )
2022-12-30 10:13:52 +01:00
mmetc
6efc2688b1
simplify feature flags ( #1947 )
...
Now checking for a feature flag is a one liner,
with no need to control errors.
if fflag.Crowdsec.CscliSetup.IsEnabled() {
...
}
2022-12-26 14:23:41 +01:00
mmetc
c022eb1b86
remove ignored flag "-m" in "cscli machines delete" (it takes a positional argument) ( #1943 )
2022-12-23 17:13:20 +01:00
mmetc
ef3a130d54
Cscli config refactoring ( #1934 )
2022-12-22 12:22:55 +01:00
mmetc
5d2c99bb17
runtime feature flag initialization
2022-12-21 17:19:20 +01:00
mmetc
a32aa96752
feature flags ( #1933 )
...
Package fflag provides a simple feature flag system.
Feature names are lowercase and can only contain letters, numbers, undercores
and dots.
good: "foo", "foo_bar", "foo.bar"
bad: "Foo", "foo-bar"
A feature flag can be enabled by the user with an environment variable
or by adding it to {ConfigDir}/feature.yaml
I.e. CROWDSEC_FEATURE_FOO_BAR=true
or in feature.yaml:
```
---
- foo_bar
```
If the variable is set to false, the feature can still be enabled
in feature.yaml. Features cannot be disabled in the file.
A feature flag can be deprecated or retired. A deprecated feature flag is
still accepted but a warning is logged. A retired feature flag is ignored
and an error is logged.
A specific deprecation message is used to inform the user of the behavior
that has been decided when the flag is/was finally retired.
2022-12-20 16:11:51 +01:00
mmetc
6c19beb937
set cscli log timestamp to 24h ( #1917 )
2022-12-09 16:48:24 +01:00
blotus
fdda940ac0
Add Kubernetes audit acquisition ( #1767 )
2022-12-06 13:47:29 +01:00
Manuel Sabban
3d72ca731a
Suggest bouncers and machines to delete ( #1896 )
...
* Suggest bouncers to delete
* Autocomplete machines delete cmd
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
* Fix lint.
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
* fix compilation (git merge errors)
* cleanup go.mod unneeded changes
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Co-authored-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Co-authored-by: sabban <15465465+sabban@users.noreply.github.com>
2022-12-05 15:39:54 +01:00
mmetc
fd3e668fe1
add -error flag to crowdsec binary ( #1903 )
2022-12-03 08:56:11 +01:00
mmetc
104f5d1fe6
lint: error handling cleanup ( #1877 )
2022-11-29 09:16:07 +01:00