Without installing Docker or other web interface, has anyone written a script to send an email in the event of an alert?
Crowdsec doesn’t provide this out of the box, but I guess it would be quite simple to put together.
Are you looking for a “send me an email as soon as there is an alert” or “send me a recap every X hours of the alerts I got” ?
(I’m afraid the first one might be noisy, internet being … internet)
Either would be fine. If the first is too noisy, then the latter would be fine. It’s only for local systems, so it’s not that big a deal. I would think it’s not that hard and if no one’s written anything I’ll give it a go.
I don’t think it’s hard neither, but we don’t have it yet
If you were to look into it, let us know if you need any help !
The best way is probably to write your own bouncer, but instead of blocking IP the bouncer will send an email alert.
You probably want to send a recap and not a mail on each blocked IP, but that is to you to test.