Bug/cscli/crowdsec: simulation mode with custom scenarios #1343
Comments
Hello, it seems more complicated than expected to fix the issue. For example, if a scenario called
And this should work.
This issue will be fixed during the refactor of the cwhub library.
Maybe I haven't read it correctly, but I've tried doing that and I can't. When trying to enable the simulation for the file, it returns:
This is a 2-year-old workaround that most likely does not work anymore. I will attempt to see if there is a new workaround or if the original issue has been resolved.
I have tested this and the original bug report has been fixed.
What is the status of this? Simulation mode - both global and enabled only for individual custom scenarios - doesn't work for me at all on version
crowdsec-crowdsec-agent-947ql:/# cscli version && cscli simulation status && cscli scenarios inspect custom/brute_force && cscli alerts list && cscli alerts inspect 1 && cscli decisions list
2024/04/19 16:33:31 version: v1.6.1-c6e40191
2024/04/19 16:33:31 Codename: alphaga
2024/04/19 16:33:31 BuildDate: 2024-04-18_13:47:41
2024/04/19 16:33:31 GoVersion: 1.21.9
2024/04/19 16:33:31 Platform: docker
2024/04/19 16:33:31 libre2: C++
2024/04/19 16:33:31 Constraint_parser: >= 1.0, <= 3.0
2024/04/19 16:33:31 Constraint_scenario: >= 1.0, <= 3.0
2024/04/19 16:33:31 Constraint_api: v1
2024/04/19 16:33:31 Constraint_acquis: >= 1.0, < 2.0
INFO[2024-04-19T16:33:31Z] global simulation: disabled
INFO[2024-04-19T16:33:31Z] Scenarios in simulation mode :
INFO[2024-04-19T16:33:31Z] - custom/brute_force
type: scenarios
name: custom/brute_force
file_name: brute-force.yaml
local_path: /etc/crowdsec/scenarios/brute-force.yaml
installed: true
downloaded: false
uptodate: true
tainted: false
local: true
Current metrics:
- (Scenario) custom/brute_force:
╭───────────────┬───────────┬──────────────┬────────┬─────────╮
│ Current Count │ Overflows │ Instantiated │ Poured │ Expired │
├───────────────┼───────────┼──────────────┼────────┼─────────┤
│ 0 │ 1 │ 1 │ 6 │ 0 │
╰───────────────┴───────────┴──────────────┴────────┴─────────╯
╭────┬──────────────┬────────────────────┬─────────┬────┬───────────┬─────────────────────────────────────────╮
│ ID │ value │ reason │ country │ as │ decisions │ created_at │
├────┼──────────────┼────────────────────┼─────────┼────┼───────────┼─────────────────────────────────────────┤
│ 1 │ Ip:10.42.1.0 │ custom/brute_force │ │ │ ban:1 │ 2024-04-19 16:32:40.080501659 +0000 UTC │
╰────┴──────────────┴────────────────────┴─────────┴────┴───────────┴─────────────────────────────────────────╯
################################################################################################
- ID : 1
- Date : 2024-04-19T16:32:53Z
- Machine : CrowdSec [email protected]
- Simulation : false
- Reason : custom/brute_force
- Events Count : 6
- Scope:Value : Ip:10.42.1.0
- Country :
- AS :
- Begin : 2024-04-19 16:32:40.080501659 +0000 UTC
- End : 2024-04-19 16:32:52.848885005 +0000 UTC
- UUID : 31342e93-fbcc-430d-ad28-10a47bab32a1
- Active Decisions :
╭────┬──────────────┬────────┬──────────────────┬──────────────────────╮
│ ID │ scope:value │ action │ expiration │ created_at │
├────┼──────────────┼────────┼──────────────────┼──────────────────────┤
│ 1 │ Ip:10.42.1.0 │ ban │ 59m20.978523943s │ 2024-04-19T16:32:53Z │
╰────┴──────────────┴────────┴──────────────────┴──────────────────────╯
╭────┬──────────┬──────────────┬────────────────────┬────────┬─────────┬────┬────────┬──────────────────┬──────────╮
│ ID │ Source │ Scope:Value │ Reason │ Action │ Country │ AS │ Events │ expiration │ Alert ID │
├────┼──────────┼──────────────┼────────────────────┼────────┼─────────┼────┼────────┼──────────────────┼──────────┤
│ 1 │ crowdsec │ Ip:10.42.1.0 │ custom/brute_force │ ban │ │ │ 6 │ 59m20.914209538s │ 1 │
╰────┴──────────┴──────────────┴────────────────────┴────────┴─────────┴────┴────────┴──────────────────┴──────────╯
On version
Yes, we found a bug introduced by
Describe the bug
When enabling the simulation mode for a custom scenario (maybe also tainted, I didn't try) and triggering it, the decision is still emitted.
To Reproduce
cscli simulation disable -g
and enable it only for the custom scenario.
cscli alerts list
or
cscli decisions list
and you can see that IP address is banned.
Expected behavior
Allow simulation for custom/tainted scenarios also.
Technical Information (please complete the following information):
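
A check for the symptom reported in this thread, as an added example that is not part of the issue or of the CrowdSec code base: it parses the text output of `cscli simulation status` and `cscli alerts inspect` in the form shown above and flags alerts whose scenario is listed in simulation mode while their Simulation field is not true. The function names are hypothetical, the first sample alert is taken from the output in the thread, and the second is constructed.

```python
import re

LOG_PREFIX = re.compile(r"^[A-Z]+\[[^\]]*\]\s*")   # e.g. INFO[2024-04-19T16:33:31Z]
FIELD = re.compile(r"^-\s*(.+?)\s+:\s*(.*)$")      # "- Key : value" lines of `alerts inspect`

STATUS = """\
INFO[2024-04-19T16:33:31Z] global simulation: disabled
INFO[2024-04-19T16:33:31Z] Scenarios in simulation mode :
INFO[2024-04-19T16:33:31Z] - custom/brute_force
"""
INSPECT = """\
- ID : 1
- Simulation : false
- Reason : custom/brute_force
- Scope:Value : Ip:10.42.1.0
- ID : 2
- Simulation : true
- Reason : custom/brute_force
- Scope:Value : Ip:192.0.2.7
"""  # alert 2 is constructed: what a correctly simulated alert would report

def simulated_scenarios(status_text):
    """Names listed under 'Scenarios in simulation mode' (per-scenario listing only)."""
    names, in_list = set(), False
    for raw in status_text.splitlines():
        line = LOG_PREFIX.sub("", raw.strip())
        if line.lower().startswith("scenarios in simulation mode"):
            in_list = True
        elif in_list and re.fullmatch(r"-\s*\S+", line):
            names.add(line[1:].strip())
        else:
            in_list = False
    return names

def parse_alerts(inspect_text):
    """One dict per alert; a '- ID :' field starts a new alert, table rows are skipped."""
    alerts = []
    for raw in inspect_text.splitlines():
        m = FIELD.match(raw.strip())
        if not m:
            continue
        if m.group(1) == "ID":
            alerts.append({})
        if alerts:
            alerts[-1][m.group(1)] = m.group(2).strip()
    return alerts

def enforced_despite_simulation(status_text, inspect_text):
    """(id, scenario, scope:value) of alerts that should have been simulated but were not."""
    simulated = simulated_scenarios(status_text)
    return [(a["ID"], a.get("Reason"), a.get("Scope:Value")) for a in parse_alerts(inspect_text)
            if a.get("Reason") in simulated and a.get("Simulation", "").lower() != "true"]
```
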