Thibault "bui" Koechlin
8cca4346a5
Application Security Engine Support ( #2273 )
...
Add a new datasource that:
- Receives HTTP requests from remediation components
- Applies rules to them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)
The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)
---------
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-12-07 12:21:04 +01:00
Thibault "bui" Koechlin
1dcf9d1ae1
Improved expr debugger ( #2495 )
...
* new expr debugger
---------
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
2023-11-24 11:10:54 +01:00
Laurence Jones
0334a9afe8
Add method name to child logger so we can see which function is erroring when in enrichers ( #2411 )
2023-08-08 13:38:11 +01:00
mmetc
b9a3acb03f
light pkg/parser cleanup ( #2279 )
...
* pkg/parser: clean up imports
* remove duplicate import
* simplify boolean expression
* don't check length before range
* if..else if.. -> switch/case
* errors.Wrap -> fmt.Errorf
* typo, lint
* redundant break
2023-06-13 13:16:13 +02:00
mmetc
6096cb3c9b
Move grok_pattern.go away from pkg/types to trim bouncer dependencies ( #2269 )
2023-06-08 15:07:30 +02:00
blotus
6720d89845
fix lock when dumping the parsing state in explain mode ( #2234 )
2023-05-26 15:23:50 +01:00
Thibault "bui" Koechlin
77f2968267
fix the behavior of json unmarshal to not return the full map ( #2199 )
2023-05-16 09:10:38 +02:00
Laurence Jones
424215f228
Add ParseKV helper and rework UnmarshalJSON as a proper helper ( #2184 )
2023-05-12 09:43:01 +02:00
blotus
1095f6c875
use expr.Function for custom functions instead of passing them in the env ( #2133 )
2023-03-28 10:49:01 +02:00
Thibault "bui" Koechlin
855f9e6f8d
protect map w/ mutex to avoid concurrent map writes with cscli explain when having many concurrent parser routines ( #2113 )
2023-03-16 11:01:25 +01:00
mmetc
e161507d08
Lint (type inference): remove redundant type declarations ( #2111 )
2023-03-09 11:56:02 +01:00
blotus
fdda940ac0
Add Kubernetes audit acquisition ( #1767 )
2022-12-06 13:47:29 +01:00
Thibault "bui" Koechlin
866c200c31
Generic dateparse approach ( #1669 )
...
* Allow any parser to suggest a format string for the date to be parsed.
* allow the enricher functions to get the parser's logger so they can inherit the level
2022-07-28 16:41:41 +02:00
mmetc
10585bfecc
enabled linters and fixes for: misspell, predeclared, unconvert, ineffassign, gosimple, govet ( #1595 )
2022-06-16 14:41:54 +02:00
blotus
4b311684ab
Add more JSON expr helpers ( #1576 )
2022-06-08 12:15:29 +02:00
mmetc
799cc82bb5
functional tests, minor refactoring and lint/cleanup ( #1570 )
...
* cmd/crowdsec: removed log.Fatal()s, added tests and print error for unrecognized argument
* updated golangci-lint to v1.46
* lint/deadcode: fix existing issues
* tests: cscli config backup/restore
* tests: cscli completion powershell/fish
* err check: pflags MarkHidden()
* empty .dockerignore (and explain the reason)
* tests, errors.Wrap
* test for CS_LAPI_SECRET and minor refactoring
* minor style changes
* log cleanup
2022-06-06 15:24:48 +02:00
AlteredCoder
1e1741aa45
Allow to set static to a pointer and add IsIPV6 helper ( #1540 )
...
* Allow to set static to a pointer and add IsIPV6 helper
2022-05-19 16:28:25 +02:00
Cristian Nitescu
a49b023a28
GetExprEnv usage optimization ( #1515 )
...
* avoid multiple calls to GetExprEnv
* cache ExprEnv in node process
* use global expression env
* remove block profile rate
2022-05-17 10:50:37 +02:00
Thibault "bui" Koechlin
a74a41dac5
fix #1357 ( #1358 )
2022-03-16 09:40:00 +01:00
Thibault "bui" Koechlin
cc1ab8c50d
switch to utc time everywhere ( #1167 )
...
* switch to utc time everywhere
Co-authored-by: alteredCoder <kevin@crowdsec.net>
2022-01-19 14:56:05 +01:00
mmetc
7dee103b6e
typos of various nature ( #1072 )
2021-12-06 17:29:23 +01:00
Thibault "bui" Koechlin
af4bb350c0
hubtests revamp + cscli explain ( #988 )
...
* New hubtest CI for scenarios/parsers from the hub
* New `cscli explain` command to visualize parsers/scenarios pipeline
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: he2ss <hamza.essahely@gmail.com>
Co-authored-by: Cristian Nitescu <cristian@crowdsec.net>
2021-10-04 17:14:52 +02:00
AlteredCoder
5ae69aa293
fix stacktrace when mmdb file are not present ( #935 )
...
* fix stacktrace when mmdb file are not present
2021-09-09 16:27:30 +02:00
Thibault "bui" Koechlin
ce6a61df1c
Refactor Acquisition Interface ( #773 )
...
* Add new acquisition interface + new modules (cloudwatch, syslog)
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2021-06-11 09:53:53 +02:00
registergoofy
7e9ce901a4
add TimeNow in the exprlib helpers ( #756 )
...
* add TimeNow in the exprlib helpers
* add a default date when none is detected: when no date is recognised by ParseDate, then use time.Now()
2021-04-16 19:13:48 +02:00
registergoofy
13881edbaa
export node logger ( #537 )
2020-12-14 14:12:22 +01:00
Thibault "bui" Koechlin
dbb420f79e
local api ( #482 )
...
Co-authored-by: AlteredCoder
Co-authored-by: erenJag
2020-11-30 10:37:17 +01:00
erenJag
89c8d1a527
rename metrics and update metrics helps ( #152 )
...
* rename metrics and update metrics helps
* add meta info about crowdsec
Co-authored-by: erenJag <erenJag>
2020-07-29 15:03:15 +02:00
AlteredCoder
2e30793188
Allow CrowdSec to start if geoip data are not downloaded ( #92 )
...
* Allow CrowdSec to start if `geoip` data are not downloaded
2020-06-25 12:36:01 +02:00
Thibault "bui" Koechlin
64c5fa7360
CI: add a CI to test parsers ( #67 )
2020-06-10 12:14:27 +02:00
Thibault bui Koechlin
e643bb5b31
linter fixes, inefficient assignments
2020-05-20 17:50:56 +02:00
Thibault bui Koechlin
e6cad40ac4
more linting fixes
2020-05-20 11:26:21 +02:00
Thibault bui Koechlin
fe68914628
more linter fixes (simplicity mostly)
2020-05-20 11:00:25 +02:00
Thibault bui Koechlin
db9e1e280d
fix linter warnings : dead code, simplification
2020-05-20 10:49:17 +02:00
Thibault bui Koechlin
2016167654
initial import
2020-05-15 11:39:16 +02:00