Disable CSAPI upload due to removed whitelists

I must disable one of the CIDRs (10/8) from parsers/s02-enrich/whitelists.yaml because I do want them to be reported and acted upon. They can be a source of spread in a huge internal network upon a possible attack.

My question is:

  1. How can I disable CSAPI upload, to not pollute it?
    a. completely?
    b. selectively, only for those in 10/8?
  2. As I plan to get updates from CSAPI, removing online_client: from config.yaml is rather not an option.

Please advise.

Hello,

It is not possible to not share signals with the CrowdSec Central API and get the community-blocklist for it.
It is ok for us to send signals about those private IPs, you should not worry about polluting us.

Thank you kindly for the reply!

One more question around this: the documentation at Introduction | CrowdSec states "This information is only going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are not pushed".

I did modify

/etc/crowdsec/parsers/s02-enrich/whitelists.yaml

which came from the hub, and judging from the logs, signals are being pushed to CSAPI.

  1. Is this a bug?
  2. Is the documentation incorrect?
  3. Is the "signal being pushed" message in the logs correct?

Hi @rdslw,

There is no bug, it’s only about scenarios. You modified a parser, so it will still be pushed.
So the documentation is correct 🙂

Thanks.

What does “this information” mean in the documentation in the sentence I quoted? What is or is not being pushed based on the scenario being/not being modified?

“This information” means the signal meta-data that is pushed. In the same documentation link you pasted, there is a listing of all the meta-data:

When crowdsec blocks an attack, unless you opt-out of it, crowdsec is going to push “signal meta-data”. Those meta-data are:

  • The name of the scenario that was triggered
  • The hash & version of the scenario that was triggered
  • The timestamp of the decision
  • Your machine_id
  • The offending IP (along with its geoloc info when available)