github.com/crowdsecurity/crowdsec@v1.6.1/pkg/csconfig/testdata/profiles.yaml

github.com/crowdsecurity/crowdsec@v1.6.1/pkg/csconfig/testdata/profiles.yaml (about)

     1  
     2  name: enforce_mfa
     3  #debug: true
     4  filters:
     5   - 'Alert.Remediation == true && Alert.GetScenario() == "crowdsecurity/ssh-enforce-mfa" && Alert.GetScope() == "username"'
     6  decisions: #remediation vs decision
     7   - type: enforce_mfa
     8     scope: "username"
     9     duration: 1h
    10  on_success: continue
    11  ---
    12  name: default_ip_remediation
    13  #debug: true
    14  filters:
    15  #  try types.Ip here :)
    16   - Alert.Remediation == true && Alert.GetScope() == "Ip"
    17  decisions:
    18   - type: ban
    19     duration: 1h
    20  on_success: break
    21  ---
    22  #this one won't be reached ^^
    23  name: default_ip_remediation_2
    24  #debug: true
    25  filters:
    26  #  try types.Ip here :)
    27   - Alert.Remediation == true && Alert.GetScope() == "Ip"
    28  decisions:
    29   - type: ratatatata
    30     duration: 1h
    31  on_success: break
    32  ---
    33  name: duration_expression
    34  #debug: true
    35  filters:
    36   - Alert.Remediation == true && Alert.GetScope() == "Ip"
    37  decisions:
    38   - type: ban
    39     duration: 1h
    40  duration_expr: sprintf('%dh', 4*4)
    41  on_success: break