The Central API is the service where the Local API pushes signal meta-data and from where it receives the community blocklists.
#Data exchanged with the Central API
This information is only going to be pushed when a scenario is coming from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are not pushed
When CrowdSec blocks an attack, unless you opt-out of it, CrowdSec is going to push "signal meta-data". Those meta-data are :
- The name of the scenario that was triggered
- The hash & version of the scenario that was triggered
- The timestamp of the decision
- Your machine_id
- The offending IP address (along with its geoloc info when available)
The community blocklist matches the scenarios deployed on the CrowdSec instance. For this reason, CrowdSec provides the list of enabled scenarios (from the hub only) during the login process.
With the upcoming release of the console and for genreal health monitoring of the project, crowdsec reports the following data to the Central API :
- name and versions of the deployed bouncers
- name and versions of the CrowdSec agents registered to the Local API