crowdsec icon indicating copy to clipboard operation
crowdsec copied to clipboard
verified publisher icon crowdsecurity

Add the label "machine" to the prometheus metric cs_active_decisions

Open LuminatiHD opened this issue 1 year ago • 4 comments

What would you like to be added?

I think it would be helpful if the prometheus metric cs_active_decisions would show which machine triggered those decisions, similarly as one can with the cscli using the -m flag. For example:

cs_active_decisions{action="ban", instance="lapi.com:6060",  machine="machine01.example.com", reason="crowdsecurity/ssh-bf, "}               10
cs_active_decisions{action="ban", instance="lapi.com:6060" , machine="machine02.example.com", reason="crowdsecurity/ssh-bf, "}                100

/kind enhancement

Why is this needed?

It allows one to know at a glance which machine is the most endangered. Also, if there is a sudden spike in active decisions, it would be helpful to see which machine triggered that spike / if it happens to be a coordinated attack on multiple machines or one singular machine.

LuminatiHD avatar Jan 25 '24 10:01 LuminatiHD

@LuminatiHD: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

github-actions[bot] avatar Jan 25 '24 10:01 github-actions[bot]

@LuminatiHD: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

  • /kind feature
  • /kind enhancement
  • /kind bug
  • /kind packaging
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

github-actions[bot] avatar Jan 25 '24 10:01 github-actions[bot]

/kind enhancement

LuminatiHD avatar Jan 25 '24 10:01 LuminatiHD

Hi thank you for opening a enhancement request.

Currently with the release of v1.6.0 the team has their hands full with other projects.

I have added the "good first issue" tag to indicate pull requests from everyone are welcome to resolve this.

LaurenceJJones avatar Jan 25 '24 11:01 LaurenceJJones