github.com/crowdsecurity/crowdsec@v1.6.1/config/profiles.yaml

github.com/crowdsecurity/crowdsec@v1.6.1/config/profiles.yaml (about)

     1  name: default_ip_remediation
     2  #debug: true
     3  filters:
     4   - Alert.Remediation == true && Alert.GetScope() == "Ip"
     5  decisions:
     6   - type: ban
     7     duration: 4h
     8  #duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
     9  # notifications:
    10  #   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
    11  #   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
    12  #   - http_default   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
    13  #   - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
    14  on_success: break