github.com/crowdsecurity/crowdsec@v1.6.1/pkg/models/localapi_swagger.yaml (about) 1 swagger: '2.0' 2 info: 3 version: 1.0.0 4 title: Swagger CrowdSec 5 description: CrowdSec local API 6 contact: 7 email: contact@crowdsec.net 8 host: 127.0.0.1 9 basePath: /v1 10 securityDefinitions: 11 JWTAuthorizer: 12 type: "apiKey" 13 name: "Authorization: Bearer" 14 in: "header" 15 APIKeyAuthorizer: 16 type: "apiKey" 17 name: "X-Api-Key" 18 in: "header" 19 schemes: 20 - https 21 - http 22 consumes: 23 - application/json 24 produces: 25 - application/json 26 paths: 27 /decisions/stream: 28 get: 29 description: Returns a list of new/expired decisions. Intended for remediation component that need to "stream" decisions 30 summary: getDecisionsStream 31 tags: 32 - Remediation component 33 operationId: getDecisionsStream 34 deprecated: false 35 produces: 36 - application/json 37 parameters: 38 - name: startup 39 in: query 40 required: false 41 type: boolean 42 description: 'If true, means that the remediation component is starting and a full list must be provided' 43 - name: scopes 44 in: query 45 required: false 46 type: string 47 description: 'Comma separated scopes of decisions to fetch' 48 - name: origins 49 in: query 50 required: false 51 type: string 52 description: 'Comma separated name of origins. If provided, then only the decisions originating from provided origins would be returned.' 53 - name: scenarios_containing 54 in: query 55 required: false 56 type: string 57 description: 'Comma separated words. If provided, only the decisions created by scenarios containing any of the provided word would be returned.' 58 - name: scenarios_not_containing 59 in: query 60 required: false 61 type: string 62 description: 'Comma separated words. If provided, only the decisions created by scenarios, not containing any of the provided word would be returned.' 63 responses: 64 '200': 65 description: successful operation 66 schema: 67 $ref: '#/definitions/DecisionsStreamResponse' 68 headers: {} 69 '400': 70 description: "400 response" 71 schema: 72 $ref: "#/definitions/ErrorResponse" 73 security: 74 - APIKeyAuthorizer: [] 75 head: 76 description: Returns a list of new/expired decisions. Intended for remediation component that need to "stream" decisions 77 summary: GetDecisionsStream 78 tags: 79 - Remediation component 80 operationId: headDecisionsStream 81 deprecated: false 82 produces: 83 - application/json 84 parameters: 85 - name: startup 86 in: query 87 required: false 88 type: boolean 89 description: 'If true, means that the bouncer is starting and a full list must be provided' 90 responses: 91 '200': 92 description: successful operation 93 headers: {} 94 '400': 95 description: "400 response" 96 security: 97 - APIKeyAuthorizer: [] 98 /decisions: 99 get: 100 description: Returns information about existing decisions 101 summary: getDecisions 102 tags: 103 - Remediation component 104 operationId: getDecisions 105 deprecated: false 106 produces: 107 - application/json 108 parameters: 109 - name: scope 110 in: query 111 required: false 112 type: string 113 description: scope to which the decision applies (ie. IP/Range/Username/Session/...) 114 - name: value 115 in: query 116 required: false 117 type: string 118 description: the value to match for in the specified scope 119 - name: type 120 in: query 121 required: false 122 type: string 123 description: type of decision 124 - name: ip 125 in: query 126 required: false 127 type: string 128 description: IP to search for (shorthand for scope=ip&value=) 129 - name: range 130 in: query 131 required: false 132 type: string 133 description: range to search for (shorthand for scope=range&value=) 134 - name: contains 135 in: query 136 required: false 137 type: boolean 138 description: indicate if you're looking for a decision that contains the value, or that is contained within the value 139 - name: origins 140 in: query 141 required: false 142 type: string 143 description: 'Comma separated name of origins. If provided, then only the decisions originating from provided origins would be returned.' 144 - name: scenarios_containing 145 in: query 146 required: false 147 type: string 148 description: 'Comma separated words. If provided, only the decisions created by scenarios containing any of the provided word would be returned.' 149 - name: scenarios_not_containing 150 in: query 151 required: false 152 type: string 153 description: 'Comma separated words. If provided, only the decisions created by scenarios, not containing any of the provided word would be returned.' 154 responses: 155 '200': 156 description: "successful operation" 157 schema: 158 $ref: '#/definitions/GetDecisionsResponse' 159 '400': 160 description: "400 response" 161 schema: 162 $ref: "#/definitions/ErrorResponse" 163 head: 164 description: Returns information about existing decisions 165 summary: GetDecisions 166 tags: 167 - Remediation component 168 operationId: headDecisions 169 deprecated: false 170 produces: 171 - application/json 172 parameters: 173 - name: scope 174 in: query 175 required: false 176 type: string 177 description: scope to which the decision applies (ie. IP/Range/Username/Session/...) 178 - name: value 179 in: query 180 required: false 181 type: string 182 description: the value to match for in the specified scope 183 - name: type 184 in: query 185 required: false 186 type: string 187 description: type of decision 188 - name: ip 189 in: query 190 required: false 191 type: string 192 description: IP to search for (shorthand for scope=ip&value=) 193 - name: range 194 in: query 195 required: false 196 type: string 197 description: range to search for (shorthand for scope=range&value=) 198 - name: contains 199 in: query 200 required: false 201 type: boolean 202 description: indicate if you're looking for a decision that contains the value, or that is contained within the value 203 responses: 204 '200': 205 description: "successful operation" 206 '400': 207 description: "400 response" 208 security: 209 - APIKeyAuthorizer: [] 210 delete: 211 description: Delete decisions(s) for given filters (only from cscli) 212 summary: deleteDecisions 213 tags: 214 - watchers 215 operationId: deleteDecisions 216 deprecated: false 217 produces: 218 - application/json 219 parameters: 220 - name: scope 221 in: query 222 required: false 223 type: string 224 description: scope to which the decision applies (ie. IP/Range/Username/Session/...) 225 - name: value 226 in: query 227 required: false 228 type: string 229 description: the value to match for in the specified scope 230 - name: type 231 in: query 232 required: false 233 type: string 234 description: type of decision 235 - name: ip 236 in: query 237 required: false 238 type: string 239 description: IP to search for (shorthand for scope=ip&value=) 240 - name: range 241 in: query 242 required: false 243 type: string 244 description: range to search for (shorthand for scope=range&value=) 245 - name: scenario 246 in: query 247 required: false 248 type: string 249 description: scenario to search 250 responses: 251 '200': 252 description: successful operation 253 schema: 254 $ref: '#/definitions/DeleteDecisionResponse' 255 headers: {} 256 '400': 257 description: "400 response" 258 schema: 259 $ref: "#/definitions/ErrorResponse" 260 security: 261 - JWTAuthorizer: [] 262 '/decisions/{decision_id}': 263 delete: 264 description: Delete decision for given decision ID (only from cscli) 265 summary: DeleteDecision 266 tags: 267 - watchers 268 operationId: DeleteDecision 269 deprecated: false 270 produces: 271 - application/json 272 parameters: 273 - name: decision_id 274 in: path 275 required: true 276 type: string 277 description: '' 278 responses: 279 '200': 280 description: successful operation 281 schema: 282 $ref: '#/definitions/DeleteDecisionResponse' 283 headers: {} 284 '404': 285 description: "404 response" 286 schema: 287 $ref: "#/definitions/ErrorResponse" 288 security: 289 - JWTAuthorizer: [] 290 /watchers: 291 post: 292 description: This method is used when installing crowdsec (cscli->APIL) 293 summary: RegisterWatcher 294 tags: 295 - watchers 296 operationId: RegisterWatcher 297 deprecated: false 298 produces: 299 - application/json 300 consumes: 301 - application/json 302 parameters: 303 - name: body 304 in: body 305 required: true 306 description: Information about the watcher to be registered 307 schema: 308 $ref: '#/definitions/WatcherRegistrationRequest' 309 responses: 310 '201': 311 description: Watcher Created 312 headers: {} 313 '400': 314 description: "400 response" 315 schema: 316 $ref: "#/definitions/ErrorResponse" 317 /watchers/login: 318 post: 319 description: Authenticate current to get session ID 320 summary: AuthenticateWatcher 321 tags: 322 - watchers 323 operationId: AuthenticateWatcher 324 deprecated: false 325 produces: 326 - application/json 327 consumes: 328 - application/json 329 parameters: 330 - name: body 331 in: body 332 required: true 333 description: Information about the watcher to be reset 334 schema: 335 $ref: '#/definitions/WatcherAuthRequest' 336 responses: 337 '200': 338 description: Login successful 339 schema: 340 $ref: '#/definitions/WatcherAuthResponse' 341 '403': 342 description: "403 response" 343 schema: 344 $ref: "#/definitions/ErrorResponse" 345 /alerts: 346 post: 347 description: Push alerts to API 348 summary: pushAlerts 349 tags: 350 - watchers 351 operationId: pushAlerts 352 deprecated: false 353 produces: 354 - application/json 355 consumes: 356 - application/json 357 parameters: 358 - name: body 359 in: body 360 required: true 361 description: Push alerts to the API 362 schema: 363 $ref: '#/definitions/AddAlertsRequest' 364 responses: 365 '201': 366 description: Alert(s) created 367 schema: 368 $ref: '#/definitions/AddAlertsResponse' 369 headers: {} 370 '400': 371 description: "400 response" 372 schema: 373 $ref: "#/definitions/ErrorResponse" 374 security: 375 - JWTAuthorizer: [] 376 get: 377 description: Allows to search for alerts 378 summary: searchAlerts 379 tags: 380 - watchers 381 operationId: searchAlerts 382 deprecated: false 383 produces: 384 - application/json 385 parameters: 386 - name: scope 387 in: query 388 required: false 389 type: string 390 description: show alerts for this scope 391 - name: value 392 in: query 393 required: false 394 type: string 395 description: show alerts for this value (used with scope) 396 - name: scenario 397 in: query 398 required: false 399 type: string 400 description: show alerts for this scenario 401 - name: ip 402 in: query 403 required: false 404 type: string 405 description: IP to search for (shorthand for scope=ip&value=) 406 - name: range 407 in: query 408 required: false 409 type: string 410 description: range to search for (shorthand for scope=range&value=) 411 - name: since #shouldn't "since" be a golang-duration format ? 412 in: query 413 required: false 414 type: string 415 format: date-time 416 description: 'search alerts newer than delay (format must be compatible with time.ParseDuration)' 417 - name: until #same as for "since" 418 in: query 419 description: 'search alerts older than delay (format must be compatible with time.ParseDuration)' 420 required: false 421 type: string 422 format: date-time 423 - name: simulated 424 in: query 425 required: false 426 type: boolean 427 description: if set to true, decisions in simulation mode will be returned as well 428 - name: has_active_decision 429 in: query 430 required: false 431 type: boolean 432 description: 'only return alerts with decisions not expired yet' 433 - name: decision_type 434 in: query 435 required: false 436 type: string 437 description: 'restrict results to alerts with decisions matching given type' 438 - name: limit 439 in: query 440 required: false 441 type: number 442 description: 'number of alerts to return' 443 - name: origin 444 in: query 445 required: false 446 type: string 447 description: 'restrict results to this origin (ie. lists,CAPI,cscli)' 448 responses: 449 '200': 450 description: successful operation 451 schema: 452 $ref: '#/definitions/GetAlertsResponse' 453 headers: {} 454 '400': 455 description: "400 response" 456 schema: 457 $ref: "#/definitions/ErrorResponse" 458 security: 459 - JWTAuthorizer: [] 460 head: 461 description: Allows to search for alerts 462 summary: searchAlerts 463 tags: 464 - watchers 465 operationId: headAlerts 466 deprecated: false 467 produces: 468 - application/json 469 parameters: 470 - name: scope 471 in: query 472 required: false 473 type: string 474 description: show alerts for this scope 475 - name: value 476 in: query 477 required: false 478 type: string 479 description: show alerts for this value (used with scope) 480 - name: scenario 481 in: query 482 required: false 483 type: string 484 description: show alerts for this scenario 485 - name: ip 486 in: query 487 required: false 488 type: string 489 description: IP to search for (shorthand for scope=ip&value=) 490 - name: range 491 in: query 492 required: false 493 type: string 494 description: range to search for (shorthand for scope=range&value=) 495 - name: since #shouldn't "since" be a golang-duration format ? 496 in: query 497 required: false 498 type: string 499 format: date-time 500 description: 'search alerts newer than delay (format must be compatible with time.ParseDuration)' 501 - name: until #same as for "since" 502 in: query 503 description: 'search alerts older than delay (format must be compatible with time.ParseDuration)' 504 required: false 505 type: string 506 format: date-time 507 - name: simulated 508 in: query 509 required: false 510 type: boolean 511 description: if set to true, decisions in simulation mode will be returned as well 512 - name: has_active_decision 513 in: query 514 required: false 515 type: boolean 516 description: 'only return alerts with decisions not expired yet' 517 - name: decision_type 518 in: query 519 required: false 520 type: string 521 description: 'restrict results to alerts with decisions matching given type' 522 - name: limit 523 in: query 524 required: false 525 type: number 526 description: 'number of alerts to return' 527 - name: origin 528 in: query 529 required: false 530 type: string 531 description: 'restrict results to this origin (ie. lists,CAPI,cscli)' 532 responses: 533 '200': 534 description: successful operation 535 headers: {} 536 '400': 537 description: "400 response" 538 security: 539 - JWTAuthorizer: [] 540 delete: 541 description: Allows to delete alerts 542 summary: deleteAlerts 543 tags: 544 - watchers 545 operationId: deleteAlerts 546 deprecated: false 547 produces: 548 - application/json 549 parameters: 550 - name: scope 551 in: query 552 required: false 553 type: string 554 description: delete alerts for this scope 555 - name: value 556 in: query 557 required: false 558 type: string 559 description: delete alerts for this value (used with scope) 560 - name: scenario 561 in: query 562 required: false 563 type: string 564 description: delete alerts for this scenario 565 - name: ip 566 in: query 567 required: false 568 type: string 569 description: delete Alerts with IP (shorthand for scope=ip&value=) 570 - name: range 571 in: query 572 required: false 573 type: string 574 description: delete alerts concerned by range (shorthand for scope=range&value=) 575 - name: since 576 in: query 577 required: false 578 type: string 579 format: date-time 580 description: 'delete alerts added after YYYY-mm-DD-HH:MM:SS' 581 - name: until 582 in: query 583 required: false 584 type: string 585 format: date-time 586 description: 'delete alerts added before YYYY-mm-DD-HH:MM:SS' 587 - name: has_active_decision 588 in: query 589 required: false 590 type: boolean 591 description: 'delete only alerts with decisions not expired yet' 592 - name: alert_source 593 in: query 594 required: false 595 type: string 596 description: delete only alerts with matching source (ie. cscli/crowdsec) 597 responses: 598 '200': 599 description: successful operation 600 schema: 601 $ref: '#/definitions/DeleteAlertsResponse' 602 headers: {} 603 '400': 604 description: "400 response" 605 schema: 606 $ref: "#/definitions/ErrorResponse" 607 security: 608 - JWTAuthorizer: [] 609 '/alerts/{alert_id}': 610 get: 611 description: Get alert by ID 612 summary: GetAlertByID 613 tags: 614 - watchers 615 operationId: GetAlertbyID 616 deprecated: false 617 produces: 618 - application/json 619 parameters: 620 - name: alert_id 621 in: path 622 required: true 623 type: string 624 description: '' 625 responses: 626 '200': 627 description: successful operation 628 schema: 629 $ref: '#/definitions/Alert' 630 headers: {} 631 '400': 632 description: "400 response" 633 schema: 634 $ref: "#/definitions/ErrorResponse" 635 security: 636 - JWTAuthorizer: [] 637 head: 638 description: Get alert by ID 639 summary: GetAlertByID 640 tags: 641 - watchers 642 operationId: HeadAlertbyID 643 deprecated: false 644 produces: 645 - application/json 646 parameters: 647 - name: alert_id 648 in: path 649 required: true 650 type: string 651 description: '' 652 responses: 653 '200': 654 description: successful operation 655 headers: {} 656 '400': 657 description: "400 response" 658 security: 659 - JWTAuthorizer: [] 660 delete: 661 description: Delete alert for given alert ID (only from cscli) 662 summary: DeleteAlert 663 tags: 664 - watchers 665 operationId: DeleteAlert 666 deprecated: false 667 produces: 668 - application/json 669 parameters: 670 - name: alert_id 671 in: path 672 required: true 673 type: string 674 description: '' 675 responses: 676 '200': 677 description: successful operation 678 schema: 679 $ref: '#/definitions/DeleteAlertsResponse' 680 headers: {} 681 '404': 682 description: "404 response" 683 schema: 684 $ref: "#/definitions/ErrorResponse" 685 security: 686 - JWTAuthorizer: [] 687 definitions: 688 WatcherRegistrationRequest: 689 title: WatcherRegistrationRequest 690 type: object 691 properties: 692 machine_id: 693 type: string 694 password: 695 type: string 696 format: password 697 required: 698 - machine_id 699 - password 700 WatcherAuthRequest: 701 title: WatcherAuthRequest 702 type: object 703 properties: 704 machine_id: 705 type: string 706 password: 707 type: string 708 format: password 709 scenarios: 710 description: the list of scenarios enabled on the watcher 711 type: array 712 items: 713 type: string 714 required: 715 - machine_id 716 - password 717 WatcherAuthResponse: 718 title: WatcherAuthResponse 719 description: the response of a successful authentication 720 type: object 721 properties: 722 code: 723 type: integer 724 expire: 725 type: string 726 token: 727 type: string 728 Alert: 729 title: Alert 730 type: object 731 properties: 732 id: 733 description: 'only relevant for GET, ignored in POST requests' 734 type: integer 735 readOnly: true 736 uuid: 737 description: 'only relevant for LAPI->CAPI, ignored for cscli->LAPI and crowdsec->LAPI' 738 type: string 739 readOnly: true 740 machine_id: 741 description: 'only relevant for LAPI->CAPI, ignored for cscli->LAPI and crowdsec->LAPI' 742 type: string 743 readOnly: true 744 created_at: 745 description: 'only relevant for GET, ignored in POST requests' 746 type: string 747 readOnly: true 748 scenario: 749 type: string 750 scenario_hash: 751 type: string 752 scenario_version: 753 type: string 754 message: 755 description: a human readable message 756 type: string 757 events_count: 758 type: integer 759 format: int32 760 start_at: 761 type: string 762 stop_at: 763 type: string 764 capacity: 765 type: integer 766 format: int32 767 leakspeed: 768 type: string 769 simulated: 770 type: boolean 771 events: 772 description: the Meta of the events leading to overflow 773 type: array 774 items: 775 $ref: '#/definitions/Event' 776 remediation: 777 type: boolean 778 decisions: 779 type: array 780 items: 781 $ref: '#/definitions/Decision' 782 source: 783 $ref: '#/definitions/Source' 784 meta: 785 $ref: '#/definitions/Meta' 786 labels: 787 type: array 788 items: 789 type: string 790 required: 791 - scenario 792 - scenario_hash 793 - scenario_version 794 - message 795 - events_count 796 - start_at 797 - stop_at 798 - capacity 799 - leakspeed 800 - simulated 801 - events 802 - source 803 Source: 804 title: Source 805 type: object 806 properties: 807 scope: 808 description: 'the scope of a source : ip,range,username,etc' 809 type: string 810 value: 811 description: 'the value of a source : the ip, the range, the username,etc' 812 type: string 813 ip: 814 description: provided as a convenience when the source is an IP 815 type: string 816 range: 817 description: provided as a convenience when the source is an IP 818 type: string 819 as_number: 820 description: provided as a convenience when the source is an IP 821 type: string 822 as_name: 823 description: provided as a convenience when the source is an IP 824 type: string 825 cn: 826 type: string 827 latitude: 828 type: number 829 format: float 830 longitude: 831 type: number 832 format: float 833 required: 834 - scope 835 - value 836 Metrics: 837 title: Metrics 838 type: object 839 properties: 840 apil_version: 841 description: the local version of crowdsec/apil 842 type: string 843 bouncers: 844 type: array 845 items: 846 $ref: '#/definitions/MetricsBouncerInfo' 847 machines: 848 type: array 849 items: 850 $ref: '#/definitions/MetricsAgentInfo' 851 required: 852 - apil_version 853 - bouncers 854 - machines 855 MetricsBouncerInfo: 856 title: MetricsBouncerInfo 857 description: Software version info (so we can warn users about out-of-date software). The software name and the version are "guessed" from the user-agent 858 type: object 859 properties: 860 custom_name: 861 type: string 862 description: name of the component 863 name: 864 type: string 865 description: bouncer type (firewall, php ...) 866 version: 867 type: string 868 description: software version 869 last_pull: 870 type: string 871 description: last bouncer pull date 872 MetricsAgentInfo: 873 title: MetricsAgentInfo 874 description: Software version info (so we can warn users about out-of-date software). The software name and the version are "guessed" from the user-agent 875 type: object 876 properties: 877 name: 878 type: string 879 description: name of the component 880 version: 881 type: string 882 description: software version 883 last_update: 884 type: string 885 description: last agent update date 886 last_push: 887 type: string 888 description: last agent push date 889 Decision: 890 title: Decision 891 type: object 892 properties: 893 id: 894 description: (only relevant for GET ops) the unique id 895 type: integer 896 readOnly: true 897 uuid: 898 description: 'only relevant for LAPI->CAPI, ignored for cscli->LAPI and crowdsec->LAPI' 899 type: string 900 readOnly: true 901 origin: 902 description: 'the origin of the decision : cscli, crowdsec' 903 type: string 904 type: 905 description: 'the type of decision, might be ''ban'', ''captcha'' or something custom. Ignored when watcher (cscli/crowdsec) is pushing to APIL.' 906 type: string 907 scope: 908 description: 'the scope of decision : does it apply to an IP, a range, a username, etc' 909 type: string 910 value: 911 description: 'the value of the decision scope : an IP, a range, a username, etc' 912 type: string 913 duration: 914 description: 'the duration of the decisions' 915 type: string 916 until: 917 type: string 918 description: 'the date until the decisions must be active' 919 scenario: 920 type: string 921 simulated: 922 type: boolean 923 description: 'true if the decision result from a scenario in simulation mode' 924 readOnly: true 925 required: 926 - origin 927 - type 928 - scope 929 - value 930 - duration 931 - scenario 932 DeleteDecisionResponse: 933 title: DeleteDecisionResponse 934 type: object 935 properties: 936 nbDeleted: 937 type: string 938 description: "number of deleted decisions" 939 AddAlertsRequest: 940 title: AddAlertsRequest 941 type: array 942 items: 943 $ref: '#/definitions/Alert' 944 AddAlertsResponse: 945 title: AddAlertsResponse 946 type: array 947 items: 948 type: string 949 description: alert_id 950 GetAlertsResponse: 951 title: AlertsResponse 952 type: array 953 items: 954 $ref: '#/definitions/Alert' 955 DeleteAlertsResponse: 956 title: DeleteAlertsResponse 957 type: object 958 properties: 959 nbDeleted: 960 type: string 961 description: "number of deleted alerts" 962 DecisionsStreamResponse: 963 title: DecisionsStreamResponse 964 type: object 965 properties: 966 new: 967 $ref: '#/definitions/GetDecisionsResponse' 968 deleted: 969 $ref: '#/definitions/GetDecisionsResponse' 970 Event: 971 title: Event 972 type: object 973 properties: 974 timestamp: 975 type: string 976 meta: 977 $ref: '#/definitions/Meta' 978 required: 979 - timestamp 980 - meta 981 GetDecisionsResponse: 982 title: GetDecisionsResponse 983 type: array 984 items: 985 $ref: '#/definitions/Decision' 986 Meta: 987 title: Meta 988 description: the Meta data of the Alert itself 989 type: array 990 items: 991 type: object 992 properties: 993 key: 994 type: string 995 value: 996 type: string 997 ErrorResponse: 998 type: "object" 999 required: 1000 - "message" 1001 properties: 1002 message: 1003 type: "string" 1004 description: "Error message" 1005 errors: 1006 type: "string" 1007 description: "more detail on individual errors" 1008 title: "error response" 1009 description: "error response return by the API" 1010 tags: 1011 - name: Remediation component 1012 description: 'Operations about decisions : bans, captcha, rate-limit etc.' 1013 - name: watchers 1014 description: 'Operations about watchers : cscli & crowdsec' 1015 externalDocs: 1016 url: 'https://github.com/crowdsecurity/crowdsec' 1017 description: Find out more about CrowdSec