README.md (62 additions & 0 deletions)
@@ -19,7 +19,69 @@ The following command is used to run an IP check through the CrowdSec's CTI API'
19
19
-`ipfield`:
20
20
- It denotes the field name where the IP address is stored in the index.
21
21
22
+
-`profile`:
23
+
Optional preset that selects a predefined set of CrowdSec output fields.
24
+
22
25
## Results
23
26
On the event of clicking the `Search` button, users will be able to view a brief overview of various fields associated with the input IP address.
24
27
25
28
This includes but not limited to location, behaviors, classifications, attack details – name, label, description, references followed by scores, threats, etc.
29
+
30
+
31
+
## Local Dump
32
+
33
+
The first time you setup the local dump feature, you need to download manually the CrowdSec lookup databases (they will be updated every 24h automatically after that):
34
+
35
+
```
36
+
| cssmokedownload
37
+
```
38
+
39
+
After that, you can look up IPs using the local databases.
40
+
41
+
**Note:** Check the `query_time` and `query_mode` fields in the results to confirm whether lookups are done via `local_dump` or the live API.
42
+
43
+
## Configuration file
44
+
45
+
You can configure the CrowdSec app by uploading a JSON configuration file:
46
+
47
+
```
48
+
{
49
+
"api_key": "YOUR_API_KEY_HERE",
50
+
"batching": true|false,
51
+
"batch_size": 20,
52
+
"local_dump": true|false
53
+
}
54
+
```
55
+
56
+
### `api_key`
57
+
58
+
CrowdSec CTI API key.
59
+
60
+
**Warning:** Local dump and live CTI API lookups are mutually exclusive (enable only one mode).
61
+
62
+
### `batching`
63
+
64
+
Enable batching for live CTI API lookups.
65
+
66
+
### `batch_size`
67
+
68
+
Batch size used when `batching` is enabled.
69
+
70
+
### `local_dump`
71
+
72
+
Enable local dump mode (use the downloaded lookup databases).
73
+
74
+
Lookup databases are download automatically every 24h.
75
+
76
+
**Warning:** Local dump requires a CTI API key that has access to the dump endpoint.
77
+
78
+
79
+
## Profiles
80
+
81
+
Profiles are optional presets that automatically select a predefined set of CrowdSec output fields, so results stay consistent and you don’t have to manually maintain long fields= lists. You can still combine profile with fields to further restrict what is returned.
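Review bot: The "mutually exclusive" warning is placed under `### api_key` (new lines 56-60), but it concerns `local_dump` versus live CTI API lookups, and the sample configuration above it lists `batching` and `local_dump` side by side without saying what the app does when `local_dump` is true and `batching`, which the text describes as a live-lookup option, is also true. Move the warning into the `local_dump` section and state whether one setting takes precedence or the upload is rejected. The sample also uses `true|false` as a value, which is not valid JSON if copied as written; show a concrete `true` or `false` and describe the alternatives in the per-field sections. Because this file carries the CTI API key, a sentence on where the uploaded configuration is stored and who can read it would help operators. Minor: "setup" should be "set up", "are download automatically" should be "are downloaded automatically", and `fields=` in the Profiles paragraph should be in backticks like the other option names.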