Hi,
Is there an option to have a captcha every time?
My profiles.yaml looks like this:
```yaml
name: captcha_remediation
filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http"
## Any scenario with http in its name will trigger a captcha challenge
decisions:
  - type: captcha
    duration: 4h
on_success: break
---
name: default_ip_remediation
filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
  - type: ban
    duration: 4h
#duration_expr: "Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)"
on_success: break
```
profiles.yaml
> > name: captcha_remediation
> > filters:
> >   - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http"
> > ## Any scenario with http in its name will trigger a captcha challenge
> > decisions:
> >   - type: captcha
> >     duration: 4h
> > on_success: break
> > ---
> > name: default_ip_remediation
> > filters:
> >   - Alert.Remediation == true && Alert.GetScope() == "Ip"
> > decisions:
> >   - type: ban
> >     duration: 4h
> > #duration_expr: "Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)"
> > on_success: break
> > #duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
> > # notifications:
> > # - slack_default # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
> > # - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
> > # - http_default # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
> > # - email_default # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
root@vaultwarden:/etc/crowdsec/bouncers# ls
crowdsec-firewall-bouncer.yaml crowdsec-firewall-bouncer.yaml.id crowdsec-nginx-bouncer.conf
Captcha is working if I set it manually
cscli decisions add --ip X.X.240.81 --type captcha
Parser Metrics:
╭───────────────────────────────────────┬──────┬────────┬──────────╮
│ Parsers │ Hits │ Parsed │ Unparsed │
├───────────────────────────────────────┼──────┼────────┼──────────┤
│ Dominic-Wagner/vaultwarden-logs │ 14 │ - │ 14 │
│ child-Dominic-Wagner/vaultwarden-logs │ 42 │ - │ 42 │
│ crowdsecurity/non-syslog │ 14 │ 14 │ - │
╰───────────────────────────────────────┴──────┴────────┴──────────╯