I installed CrowdSec on my k8s cluster, with Traefik TLS integration.
It seems to work, based on the nikto test.
Thing is: I see different numbers and types/IPs in local LAPI alerts/decisions and online alerts.
I see 7 online alerts I do not see locally, and I see some local alerts I do not see online.
Why is there such a difference? Is it wanted? Does it take time to align?
So the alerts you see online should be visible via cscli alerts list, NOT cscli decisions list, as the decision may have expired; that's why you don't see it via decisions. The local alerts show only locally generated alerts. Within k8s there could be a chance the enrolled LAPI you see is not the one that enrolled, since k8s can bring LAPIs up and down; you might need to set the enrollment key in the LAPI environment.