akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
Files
f64e3feef890e8dd183da410b62df619f758abbe
Charon/frontend/src/data/crowdsecPresets.ts
GitHub Actions f64e3feef8 chore: clean .gitignore cache
2026-01-26 19:22:05 +00:00

78 lines
2.3 KiB
TypeScript
Raw Blame History

export interface CrowdsecPreset {
slug: string
title: string
description: string
content: string
tags?: string[]
warning?: string
}
export const CROWDSEC_PRESETS: CrowdsecPreset[] = [
{
slug: 'bot-mitigation-essentials',
title: 'Bot Mitigation Essentials',
description:
'Core HTTP parsers and scenarios aimed at credential stuffing, scanners, and bad crawlers with minimal false positives.',
tags: ['bots', 'web', 'auth'],
content: `configs:
collections:
- crowdsecurity/base-http-scenarios
- crowdsecurity/http-cve
- crowdsecurity/http-bad-user-agent
parsers:
- crowdsecurity/http-logs
- crowdsecurity/nginx-logs
- crowdsecurity/apache2-logs
scenarios:
- crowdsecurity/http-bf
- crowdsecurity/http-sensitive-files
- crowdsecurity/http-probing
- crowdsecurity/http-crawl-non_statics
postoverflows:
- crowdsecurity/whitelists
`,
warning: 'Best for internet-facing apps; ensure allowlists cover SSO and monitoring probes.',
},
{
slug: 'honeypot-friendly-defaults',
title: 'Honeypot Friendly Defaults',
description: 'Lightweight defaults tuned for tarpits and research honeypots to reduce noisy bans.',
tags: ['low-noise', 'ssh', 'http'],
content: `configs:
collections:
- crowdsecurity/sshd
- crowdsecurity/caddy
parsers:
- crowdsecurity/sshd-logs
- crowdsecurity/caddy-logs
scenarios:
- crowdsecurity/ssh-bf
- crowdsecurity/http-backdoors-attempts
- crowdsecurity/http-probing
postoverflows:
- crowdsecurity/whitelists
`,
warning: 'Keep honeypot endpoints isolated; avoid applying to production ingress.',
},
{
slug: 'geolocation-aware',
title: 'Geolocation Aware',
description: 'Adds geo-enrichment and region-aware scenarios to tighten access by country.',
tags: ['geo', 'access-control'],
content: `configs:
collections:
- crowdsecurity/geoip-enricher
scenarios:
- crowdsecurity/geo-fencing
- crowdsecurity/geo-bf
postoverflows:
- crowdsecurity/whitelists
`,
warning: 'Requires GeoIP database. Pair with ACLs to avoid blocking legitimate traffic.',
},
]
export const findCrowdsecPreset = (slug: string): CrowdsecPreset | undefined => {
return CROWDSEC_PRESETS.find((preset) => preset.slug === slug)
}
Reference in New Issue View Git Blame Copy Permalink