Didn’t see a place to post this so will leave here and hope you make a whitelist parser, or just add to the default whitelist yml file in /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
name: crowdsecurity/whitelists
description: "Whitelist events from private ipv4 addresses"
whitelist:
reason: "private ipv4/ipv6 ip/ranges"
ip:
- "127.0.0.1"
- "::1"
- "84.17.46.49"
- "185.93.1.242"
- "185.152.67.139"
- "185.93.3.241"
- "91.189.179.2"
- "185.152.67.22"
- "185.152.67.152"
- "54.38.195.201"
- "217.182.201.147"
- "89.187.185.87"
- "212.102.50.49"
- "84.17.46.50"
- "89.187.173.70"
- "89.187.185.163"
- "84.17.37.209"
- "89.187.185.162"
- "89.187.188.223"
- "89.187.188.227"
- "89.187.188.228"
- "185.59.220.196"
- "89.187.173.66"
- "185.81.165.6"
- "212.102.50.50"
- "185.93.2.242"
- "92.223.73.24"
- "185.180.14.250"
- "212.102.50.51"
- "185.59.220.193"
- "185.93.2.241"
- "89.187.185.21"
- "95.217.37.33"
- "84.17.63.177"
- "185.93.1.241"
- "195.181.163.193"
- "89.187.162.241"
- "89.187.162.243"
- "89.187.169.15"
- "84.17.44.181"
- "51.79.176.84"
- "51.79.176.85"
- "89.187.162.244"
- "212.102.46.113"
- "139.180.134.196"
- "45.32.177.93"
- "51.83.238.53"
- "89.38.96.158"
- "195.181.163.194"
- "217.138.193.34"
- "102.129.144.45"
- "185.243.214.143"
- "185.243.214.145"
- "185.93.3.243"
- "185.93.3.242"
- "92.223.87.36"
- "5.188.95.16"
- "185.59.220.194"
- "89.187.162.249"
- "89.187.162.242"
- "185.243.214.239"
- "185.102.217.65"
- "185.93.1.243"
- "185.243.214.244"
- "156.146.40.49"
- "185.59.220.199"
- "185.59.220.198"
- "195.181.166.158"
- "185.180.12.68"
- "185.31.158.210"
- "139.99.63.197"
- "138.199.57.151"
- "138.199.24.209"
- "89.187.162.251"
- "138.199.24.211"
- "89.187.169.3"
- "89.187.185.164"
- "89.187.169.39"
- "89.187.169.47"
- "37.19.206.70"
- "23.81.206.222"
- "5.189.202.54"
- "84.17.46.51"
- "185.101.138.146"
- "5.188.120.15"
- "200.25.62.76"
- "156.146.53.225"
- "200.25.38.139"
- "138.199.24.218"
- "138.199.24.219"
- "138.199.46.65"
- "185.40.106.117"
- "143.244.38.129"
- "200.25.45.4"
- "200.25.57.5"
- "200.25.22.6"
- "200.25.11.8"
- "200.25.53.5"
- "122.10.147.2"
- "200.25.13.98"
- "128.1.121.170"
- "209.177.87.194"
- "107.155.21.186"
- "107.155.6.130"
- "107.155.27.226"
- "45.43.51.106"
- "84.17.44.161"
- "185.180.13.248"
- "89.187.185.237"
- "143.244.60.109"
- "41.242.2.18"
- "185.152.66.242"
- "92.38.138.8"
- "200.25.62.5"
- "200.25.38.69"
- "200.25.42.70"
- "200.25.36.166"
- "195.206.229.106"
- "138.199.9.99"
- "138.199.9.98"
- "138.199.37.225"
- "92.223.88.123"
- "138.199.15.129"
- "84.17.46.52"
- "92.223.80.170"
- "185.93.2.243"
- "194.242.11.186"
- "37.19.203.80"
- "138.199.37.226"
- "65.108.101.60"
- "185.164.35.8"
- "193.39.14.167"
- "37.120.194.22"
- "185.173.226.42"
- "195.69.143.190"
- "94.20.154.22"
- "37.19.216.129"
- "185.93.1.244"
- "89.38.224.138"
- "213.170.143.68"
- "138.199.9.107"
- "156.59.145.154"
- "143.244.49.177"
- "102.129.144.44"
- "141.94.200.27"
- "89.187.165.193"
- "23.248.177.58"
- "138.199.46.66"
- "138.199.37.227"
- "138.199.37.231"
- "138.199.37.230"
- "138.199.37.229"
- "103.216.222.103"
- "138.199.46.69"
- "138.199.46.68"
- "138.199.46.67"
- "185.93.1.246"
- "103.216.222.105"
- "103.216.222.107"
- "138.199.37.232"
- "103.216.222.109"
- "195.181.163.196"
- "107.182.163.162"
- "195.181.163.195"
- "84.17.46.53"
- "212.102.43.81"
- "212.102.40.114"
- "185.234.52.150"
- "84.17.46.54"
- "138.199.40.58"
- "143.244.38.134"
- "185.152.64.17"
- "84.17.59.115"
- "89.187.165.194"
- "103.216.222.111"
- "138.199.15.193"
- "89.35.237.170"
- "37.19.216.130"
- "185.93.1.247"
- "185.93.3.244"
- "180.149.231.39"
- "209.160.96.178"
- "143.244.49.179"
- "143.244.49.180"
- "195.181.164.178"
- "143.244.49.187"
- "143.244.51.67"
- "143.244.51.65"
- "143.244.51.66"
- "138.199.9.104"
- "122.10.251.138"
- "212.102.50.52"
- "185.152.66.243"
- "143.244.49.178"
- "138.199.46.75"
- "156.146.53.227"
- "169.150.207.49"
- "146.59.68.188"
- "200.25.18.73"
- "84.17.63.178"
- "200.25.32.131"
- "143.244.38.139"
- "169.150.215.113"
- "169.150.207.51"
- "37.19.207.34"
- "169.150.207.57"
- "169.150.207.58"
- "169.150.207.56"
- "204.16.244.131"
- "208.83.234.216"
- "87.249.137.50"
- "185.93.2.248"
- "134.195.197.175"
- "172.105.63.17"
- "128.1.104.170"
- "195.181.163.70"
- "192.189.65.146"
- "143.244.45.177"
- "176.123.9.72"
- "185.93.1.249"
- "185.93.1.250"
- "169.150.215.115"
- "209.177.87.197"
- "156.146.56.162"
- "156.146.56.161"
- "185.93.2.246"
- "185.93.2.245"
- "212.102.50.58"
- "92.223.73.75"
- "212.102.40.113"
- "185.93.2.244"
- "158.69.123.215"
- "143.244.50.82"
- "143.244.50.83"
- "156.146.56.163"
- "156.59.181.10"
- "185.135.85.154"
- "104.218.233.175"
- "185.165.170.74"
- "92.223.103.16"
- "102.219.177.93"
- "129.227.217.178"
- "200.25.69.72"
- "139.99.68.6"
- "128.1.52.179"
- "200.25.16.103"
- "15.235.54.226"
- "207.246.64.80"
- "116.202.155.146"
- "108.61.127.143"
- "116.202.193.178"
- "116.202.236.170"
- "46.4.116.17"
- "104.194.8.93"
- "139.99.63.166"
- "139.99.150.49"
- "116.202.224.168"
- "188.40.126.227"
- "88.99.26.189"
- "168.119.39.238"
- "88.99.26.97"
- "168.119.12.188"
- "199.247.1.226"
- "157.245.99.163"
- "51.195.190.71"
- "169.197.143.85"
- "169.197.143.195"
- "104.238.220.175"
- "176.9.139.55"
- "176.9.139.94"
- "172.96.160.206"
- "38.75.137.102"
- "38.75.137.10"
- "38.75.136.40"
- "38.75.137.65"
- "38.75.136.153"
- "38.75.136.111"
- "5.161.66.71"
- "5.161.65.35"
- "5.161.65.27"
- "5.161.66.72"
- "5.161.65.29"
- "5.161.62.81"
- "5.161.63.17"
- "5.161.63.53"
- "5.161.63.45"
- "5.161.63.68"
- "5.161.74.57"
- "5.161.75.48"
- "5.161.73.210"
- "5.161.69.81"
- "5.161.67.9"
- "5.161.67.27"
- "142.132.223.79"
- "142.132.223.80"
- "142.132.223.81"
- "5.161.88.97"
- "5.161.90.228"
- "5.161.85.161"
- "5.161.78.181"
- "5.161.84.169"
- "5.161.92.86"
- "5.161.92.85"
- "5.161.92.84"
- "5.161.72.83"
- "5.161.70.244"
- "5.161.71.198"
- "5.161.49.93"
- "5.161.72.89"
- "5.161.72.135"
- "5.161.72.194"
- "5.161.72.200"
- "5.161.70.230"
- "5.161.60.80"
- "38.75.137.193"
- "38.75.136.208"
- "64.140.160.18"
- "104.237.58.186"
- "64.140.162.66"
- "51.161.198.33"
- "169.150.207.55"
- "143.244.50.81"
- "143.244.51.75"
- "109.248.43.116"
- "109.248.43.117"
- "109.248.43.162"
- "109.248.43.163"
- "109.248.43.164"
- "109.248.43.165"
- "49.12.71.27"
- "49.12.0.158"
- "78.47.94.156"
- "109.248.43.159"
- "109.248.43.160"
- "109.248.43.208"
- "109.248.43.179"
- "109.248.43.232"
- "109.248.43.231"
- "109.248.43.241"
- "109.248.43.236"
- "109.248.43.240"
- "116.202.118.194"
- "116.202.80.29"
- "159.69.57.80"
- "139.180.129.216"
- "139.99.174.7"
- "89.187.169.18"
- "89.187.162.166"
- "89.187.162.245"
- "185.180.13.241"
- "185.180.13.242"
- "185.180.13.243"
- "185.59.220.203"
- "185.59.220.200"
- "185.59.220.202"
- "185.59.220.201"
- "89.187.169.26"
- "212.102.56.49"
- "212.102.56.48"
- "212.102.56.54"
- "212.102.56.57"
- "185.180.13.246"
- "143.244.63.120"
- "138.199.9.97"
- "138.199.40.49"
- "138.199.40.50"
- "138.199.40.51"
- "138.199.9.105"
- "143.244.38.132"
- "143.244.38.133"
- "37.19.222.241"
- "143.244.49.181"
- "89.187.179.7"
- "84.17.35.196"
- "84.17.35.195"
- "143.244.62.213"
- "185.93.3.246"
- "195.181.163.198"
- "185.152.64.19"
- "84.17.37.211"
- "212.102.50.54"
- "138.199.4.133"
- "138.199.4.132"
- "212.102.46.115"
cidr:
- "192.168.0.0/16"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "38.92.173.0/24"
- "91.200.176.0/24"
- "103.180.114.0/24"
# expression:
# - "'foo.com' in evt.Meta.source_ip.reverse"