Changes from v0.3.X to v1.0.0
Local API
- Crowdsec now exposes an API. Crowdsec will send Alerts (triggered scenarios) to this API, which will handle decisions (with profiles). All bouncers will have to query this API to know if an IP should be blocked or not.
- This change brings the following possibilities:
  - Multiple crowdsec instances can share their decisions by sending their alerts to the same API endpoint, instead of using a network database.
  - Bouncers will now only have to make an HTTP request to know if an IP is blocked or not, instead of supporting all kinds of databases.
  - The pull of bad IPs from the Crowdsec Central API will now be done periodically by the API in the background, instead of being done in a cronjob.
- Local & Central API documentation
Journald
- Crowdsec supports the journald datasource (via `journalctl_filter`)
cscli
- We now follow the `cscli <domain> <action>` logic: `cscli install scenario crowdsecurity/ssh-bf` becomes `cscli scenarios install crowdsecurity/ssh-bf`
- New commands have been added:
  - `bouncers`: Manage bouncers. You will have to use this command to generate an API token for your bouncer or to list bouncers.
  - `capi`: To register/check status to the Central Crowdsec API.
  - `hub`: To update the hub cache, and see installed configurations from the hub.
  - `lapi`: To register/check status to a crowdsec API.
  - `machines`: Manage machines registered to the API. Create/Delete/List machines.
- You can now see more information about an Alert with `cscli alerts inspect <alert_id>`.
Runtime Object changes
`SignalOccurences` and `ban` are replaced by `Alerts` and `Decisions`:
- `Alert`: An alert generated by a triggered scenario (for history)
- `Decision`: A remediation (ban, captcha, mfa ...) to apply during a period defined in the profile configuration
Note: The object exposed in the profile.yaml (`Sig`) becomes `Alert`.
Improvements
- Improve dashboard management. Username and password are now stored locally, so you don't have to recreate the dashboard if you lose your password
- Improve dashboards and their graphs
- Better handling of stack traces
- Usage of pagination for database interactions (create, select ...) for better performance and to avoid SQL errors
- `cscli alerts list` (previously `cscli ban list`) is now faster with a big database
Bug fixes
- Parser node evaluation order, where sub nodes were evaluated before the root one.
- Crowdsec exited when the geoip enrichment failed
- Fix a bug in `cscli inspect <scenario>` where the scenario belongs to multiple collections
- Fix range deletion with `cscli`
Changes from last release candidate
- change the hub branch for the upcoming release (#513) @buixor
- improve docs (#511) @AlteredCoder
- cscli: fix bug in restore command (#510) @erenJag
- update prometheus doc (#509) @erenJag
- Faq metabase (#508) @AlteredCoder
- Add ci docker push (#504) @erenJag
- rename username by machine (#506) @AlteredCoder
- Fix a crash (#503) @registergoofy
- allow to specify username when register to lapi (#505) @AlteredCoder
- fix cscli remove (#501) @erenJag
Geolite2 notice
This product includes GeoLite2 data created by MaxMind, available from https://www.maxmind.com.