Im using crowdsec latest with opnsense latest, all is working well, and i have notifications to email, also working well, only that when i receive a notificatrion for ban ip due to portscan for example, i dont get which wan interface did that ban get on, i have 4 WAN interfaces and i want to know on which interface / WAN IP was that detceted on / banned on.
The parser set a meta attribute called iface if you inspect an alert via cscli alerts inspect <id> -d does that meta attribute include the information you are looking for?
to get the id you can run cscli alerts list and pick a portscan alert.
