Data exchanged with the Central API
This information is pushed only when the scenario comes from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are not pushed unless enrolled into the console.
When the Security Engine generates an alert, it pushes "signal meta-data" unless you opt out. The meta-data are:
- The name of the scenario that was triggered
- The hash & version of the scenario that was triggered
- The timestamp of the decision
- Your machine_id
- The offending IP address (along with its geoloc info when available)
The community blocklist matches the scenarios deployed on the Security Engine instance. For this reason, the Security Engine provides the list of enabled scenarios during the login process.
To give you more information in the console and for general health monitoring of the project, CrowdSec reports the following data to the Central API:
- names and versions of the deployed Remediation Components
- names and versions of the Security Engines registered to the Local API