Sebastien Blot
94d368604d
remove all acquis module except file and syslog
2024-09-02 14:43:58 +02:00
blotus
a3d7900b5f
update expr ( #3144 )
2024-07-22 12:14:46 +02:00
mmetc
206211ce53
lint: import statement order ( #3085 )
...
* lint: import statement order
* lint
2024-06-26 12:16:17 +02:00
mmetc
4b988701ed
lint (intrange) ( #2970 )
2024-06-21 13:47:26 +02:00
mmetc
659774fd3d
refactor: prefer logrus.WithField over WithFields with a single param ( #3087 )
2024-06-20 10:38:23 +02:00
Laurence Jones
9088f31b7d
enhance: container discovery via labels ( #2959 )
...
* wip: attempt to autodiscover via labels
* wip: remove labels dep on docker acquisition
* wip: remove labels dep on docker acquisition
* wip: add debug
* wip: try fix parser maps
* wip: remove redundant pointer
* wip: add debug
* wip: can't type assert
* wip: reinstate debug
* wip: reinstate debug
* wip: reinstate debug
* wip: oops
* wip: add a debug
* wip: fix labels
* wip: remove redundant parameter
* wip: rename config option to be more self declarative
* wip: update log wording
* wip: the if check was not correct
* wip: me lost
* fix: add checks to typecast and log useful information
* add tests for parseLabels
* return nil instead of pointer to empty struct
* simplify EvalContainer return value
---------
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2024-05-24 14:27:25 +01:00
Thibault "bui" Koechlin
b1c09f7512
acquisition : take prometheus level into account ( #2885 )
...
* properly take into account the aggregation level of prometheus metrics in acquisition
2024-03-13 14:57:19 +01:00
Thibault "bui" Koechlin
8cca4346a5
Application Security Engine Support ( #2273 )
...
Add a new datasource that:
- Receives HTTP requests from remediation components
- Applies rules on them to determine whether they are malicious or not
- Rules can be evaluated in-band (the remediation component will block the request directly) or out-band (the RC will let the request through, but crowdsec can still process the rule matches with scenarios)
The PR also adds support for 2 new hub items:
- appsec-configs: Configure the Application Security Engine (which rules to load, in which phase)
- appsec-rules: a rule that is added in the Application Security Engine (can use either our own format, or seclang)
---------
Co-authored-by: alteredCoder <kevin@crowdsec.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
Co-authored-by: Marco Mariani <marco@crowdsec.net>
2023-12-07 12:21:04 +01:00
lperdereau
92f923cfa8
Loki integration #2 ( #2306 )
...
* Add support for loki datasource
---------
Co-authored-by: Mathieu Lecarme <mathieu@garambrogne.net>
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
Co-authored-by: Thibault "bui" Koechlin <thibault@crowdsec.net>
2023-11-22 13:31:39 +01:00
mmetc
ffadd42779
update dependency on go-cs-lib; drop the pkg/ part ( #2393 )
2023-07-28 16:35:08 +02:00
mmetc
a910b7beca
non-fatal error if some datasource can't be run (i.e. journalctl but systemd is missing) ( #2309 )
...
This, on the other hand, gives a new fatal error when there are no valid datasources.
In the previous version, crowdsec kept running with just a warning if no
acquisition yaml or dir were specified.
2023-06-27 10:13:13 +02:00
mmetc
534328ca30
decouple bouncer dependencies: use go-cs-lib/pkg/* ( #2216 )
...
* decouple bouncer dependencies: use go-cs-lib/pkg/trace
* decouple bouncer dependencies: use go-cs-lib/pkg/version
* decouple bouncer dependencies: use go-cs-lib/pkg/yamlpatch
* decouple bouncer dependencies: use go-cs-lib/pkg/csstring
* unused import
2023-05-23 10:52:47 +02:00
mmetc
3fa555fb25
Rename k8s_audit to k8s-audit (easier to type, consistent with labels) ( #2153 )
2023-04-03 09:53:38 +02:00
blotus
61bea26486
Add transform configuration option for acquisition ( #2144 )
2023-03-29 16:04:17 +02:00
blotus
dc38e5ac00
S3 acquisition datasource ( #2130 )
2023-03-21 13:54:52 +01:00
blotus
fdda940ac0
Add Kubernetes audit acquisition ( #1767 )
2022-12-06 13:47:29 +01:00
mmetc
4a6a9c4355
acquisition: validate datasources before configuration (static checks) ( #1841 )
...
* acquisition: validate datasources before configuration (allow static configuration checks)
* remove comment
* import reviser, format
* error wrap
2022-11-30 17:36:56 +01:00
mmetc
104f5d1fe6
lint: error handling cleanup ( #1877 )
2022-11-29 09:16:07 +01:00
mmetc
2b7e3ff1e7
warn if no acquisition files are found, acquisition_test refactoring, tests ( #1816 )
2022-10-17 17:32:08 +02:00
he2ss
ea40ffd655
Datasource/kafka ( #1698 )
...
* add Kafka datasource
2022-08-30 17:03:45 +02:00
blotus
0449ec1868
Windows Support ( #1159 )
2022-05-17 12:14:59 +02:00
mmetc
ad28a979e9
local control flow cleanup ( #1215 )
...
removed redundant/unreachable returns, else branches, type declarations, unused variables
2022-02-01 22:08:06 +01:00
blotus
4a11060930
Kinesis datasource ( #1147 )
2022-01-11 14:19:43 +01:00
AlteredCoder
4917aa23c9
Docker datasource ( #1064 )
...
* add docker datasource
2021-12-02 15:55:50 +01:00
he2ss
0652e9ed08
feature cscli|crowdsec add additional labels on crowdsec dsn run ( #1053 )
...
* feature cscli|crowdsec add additional labels on crowdsec dsn run
2021-11-17 10:08:46 +01:00
blotus
cedfca07c2
don't wait for acquis tomb if we have no sources ( #868 )
2021-07-28 08:58:44 +02:00
Thibault "bui" Koechlin
ce6a61df1c
Refactor Acquisition Interface ( #773 )
...
* Add new acquisition interface + new modules (cloudwatch, syslog)
Co-authored-by: Sebastien Blot <sebastien@crowdsec.net>
2021-06-11 09:53:53 +02:00
Thibault "bui" Koechlin
22ada59393
Allow for acquisition files to be specified from a directory as well ( #619 )
...
* allow an acquisition_dir in crowdsec's config + change the behaviour of config loading so that it's working with a list instead. keep backward compat with acquisition_path
* remove the default behaviour of 'guessing' acquis path if param isn't present, and error
2021-02-17 13:55:36 +01:00
Thibault "bui" Koechlin
dbb420f79e
local api ( #482 )
...
Co-authored-by: AlteredCoder
Co-authored-by: erenJag
2020-11-30 10:37:17 +01:00