From 6e417dcf319f9536f7b862f58f79b3576cec4211 Mon Sep 17 00:00:00 2001
From: rohow
Date: Thu, 31 Oct 2024 10:39:41 +0800
Subject: [PATCH] =?UTF-8?q?feat(crowdsec):=20=E5=90=AF=E7=94=A8=E9=AA=8C?= =?UTF-8?q?=E8=AF=81=E7=A0=81=E6=8C=91=E6=88=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/infra/monitor/crowdsec/helmchart.yaml | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/apps/infra/monitor/crowdsec/helmchart.yaml b/apps/infra/monitor/crowdsec/helmchart.yaml
index 10d28d9..36d78c4 100644
--- a/apps/infra/monitor/crowdsec/helmchart.yaml
+++ b/apps/infra/monitor/crowdsec/helmchart.yaml
@@ -62,6 +62,7 @@ spec:
 data:
 enabled: false
 config:
+ # api config.yaml配置
 config.yaml.local: |
 db_config:
 type: postgresql
@@ -71,6 +72,32 @@ spec:
 user: app
 password: nyrHzh9WWlDZzvVw7bDFo74gKb9zsls0Sy7OwRTDWiRTNPQQQkW85taUFAoX2AIC
 sslmode: require
+ # api profiles.yaml配置
+ profiles.yaml:
+ name: captcha_remediation
+ filters:
+ - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http" && GetDecisionsSinceCount(Alert.GetValue(), "24h") <= 3
+ decisions:
+ - type: captcha
+ duration: 4h
+ on_success: break
+ ---
+ name: default_ip_remediation
+ filters:
+ - Alert.Remediation == true && Alert.GetScope() == "Ip"
+ decisions:
+ - type: ban
+ duration: 4h
+ on_success: break
+ ---
+ name: default_range_remediation
+ filters:
+ - Alert.Remediation == true && Alert.GetScope() == "Range"
+ decisions:
+ - type: ban
+ duration: 4h
+ on_success: break
+ # agent parsers 配置
 parsers:
 s01-parse:
 # 新增nginx json日志解析
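Review bot: In the second hunk `profiles.yaml:` is added without the `|` block-scalar indicator that `config.yaml.local: |` carries just above it, so the profile text is read as a nested YAML mapping rather than a string and the `---` separators inside it are not valid there; the key should read `profiles.yaml: |` with the three profiles indented beneath it (the flattened hunk does not show the original indentation, so verify that too). Because `captcha_remediation` ends with `on_success: break`, a matching HTTP alert never reaches `default_ip_remediation`, so it is worth confirming that the deployed bouncer actually enforces `captcha` decisions; if it does not, the first offences from an address within 24h would presumably go without any remediation. Separately, the context line above the addition holds the PostgreSQL password in clear text in the chart values; it predates this commit, but it should be moved out of the repository into a Secret and rotated.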