Thibault "bui" Koechlin
After users asked questions on Gitter, we should make the Docker usage of the firewall bouncer more obvious.
Report from a user: cs-firewall-bouncer fails to start with this error: ``` time="26-04-2022 21:37:20" level=info msg="ipset 'crowdsec-blacklists' doesn't exist, skip" time="26-04-2022 21:37:20" level=info msg="Checking existing set" time="26-04-2022 21:37:20"...
(i.e. sudden increase of overflows / logs etc.)
A generic scenario looking for "trendy" CVE(s) that we are spotting
While benching unrelated issues for https://github.com/crowdsecurity/crowdsec/issues/2669 we discovered that the [thinkphp scenario, because it's old, does](https://github.com/crowdsecurity/hub/blob/master/scenarios/crowdsecurity/thinkphp-cve-2018-20062.yaml): ``` evt.Meta.log_type in ["http_access-log", "http_error-log"] and any(File("thinkphp_cve_2018-20062.txt"), {Upper(evt.Meta.http_path) matches Upper(#)}) ``` Because of how...
This PR contains scenarios from SigmaHQ for LOLBins detection on Windows. Scenarios are automatically generated from the WIP Sigma pipeline: https://github.com/buixor/pySigma-backend-crowdsec
I'd like to see whitelists for known applications' false positives:
- [x] nextcloud
- [ ] matrix ?