Tellsanguis
fd01ea59ee
- Playbooks Ansible avec rôles (common, cockpit, docker, services) - 30+ stacks Docker Compose avec reverse proxy Traefik - Ansible Vault pour gestion secrets - Intégration CrowdSec pour détection intrusions - Versions images Docker fixées pour reproductibilité
29 lines
No EOL
1.4 KiB
YAML
29 lines
No EOL
1.4 KiB
YAML
name: default_ip_remediation
|
|
#debug: true
|
|
filters:
|
|
- Alert.Remediation == true && Alert.GetScope() == "Ip"
|
|
decisions:
|
|
- type: ban
|
|
duration: 4h
|
|
#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
|
|
notifications:
|
|
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
|
|
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
|
|
- http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
|
|
# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
|
|
on_success: break
|
|
---
|
|
name: default_range_remediation
|
|
#debug: true
|
|
filters:
|
|
- Alert.Remediation == true && Alert.GetScope() == "Range"
|
|
decisions:
|
|
- type: ban
|
|
duration: 4h
|
|
#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
|
|
notifications:
|
|
# - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
|
|
# - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
|
|
- http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
|
|
# - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
|
|
on_success: break |