Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[cscli] Alerts list created_at? #3321

Open
LaurenceJJones opened this issue Nov 11, 2024 · 4 comments
Open

[cscli] Alerts list created_at? #3321

LaurenceJJones opened this issue Nov 11, 2024 · 4 comments
Assignees
Milestone

Comments

@LaurenceJJones
Copy link
Contributor

LaurenceJJones commented Nov 11, 2024

When using cscli to list alerts I noticed something odd, the created_at column is different when inspected?

02:28:31 ~ cscli alerts list
╭────────┬────────────────────┬────────────────────────────────────────────┬─────────┬─────────────────────────────────────────────────┬───────────┬─────────────────────────────────────────╮
│   ID   │        value       │                   reason                   │ country │                        as                       │ decisions │                created_at               │
├────────┼────────────────────┼────────────────────────────────────────────┼─────────┼─────────────────────────────────────────────────┼───────────┼─────────────────────────────────────────┤
│ 130042 │ Ip:XXXXXXXXXXXXXXX │ crowdsecurity/endlessh-bf                  │ NG      │ 135377 UCLOUD INFORMATION TECHNOLOGY HK LIMITED │ ban:1     │ 2024-11-11 14:01:56.385924054 +0000 UTC │
╰────────┴────────────────────┴────────────────────────────────────────────┴─────────┴─────────────────────────────────────────────────┴───────────┴─────────────────────────────────────────╯
02:28:31 ~ → cscli alerts inspect 130042

################################################################################################

 - ID           : 130042
 - Date         : 2024-11-11T14:03:17Z
 - Machine      : a8a65f16861f4a7aa8a8fb021078b753410kSgPCYoo5sucD
 - Simulation   : false
 - Remediation  : true
 - Reason       : crowdsecurity/endlessh-bf
 - Events Count : 6
 - Scope:Value  : Ip:XXXXX
 - Country      : NG
 - AS           : UCLOUD INFORMATION TECHNOLOGY HK LIMITED
 - Begin        : 2024-11-11 14:01:56.385924054 +0000 UTC
 - End          : 2024-11-11 14:03:17.279822222 +0000 UTC
 - UUID         : 6689b073-33ff-4d3b-8c52-bf21bf053b98

 - Active Decisions  :
╭───────────┬───────────────────┬────────┬────────────┬──────────────────────╮
│     ID    │    scope:value    │ action │ expiration │      created_at      │
├───────────┼───────────────────┼────────┼────────────┼──────────────────────┤
│ 382257597 │ Ip:XXXXXXXXXXXXXX │ ban    │ 9h34m26s   │ 2024-11-11T14:03:17Z │
╰───────────┴───────────────────┴────────┴────────────┴──────────────────────╯

Edit:
Should the created_at field show the Begin or End as that is when the overflow actually occurred? as when looking at the console it seems the alert is "off"

image

Copy link

@LaurenceJJones: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

Copy link

@LaurenceJJones: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.

  • /kind feature
  • /kind enhancement
  • /kind refactoring
  • /kind bug
  • /kind packaging
Details

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository.

@LaurenceJJones
Copy link
Contributor Author

List shows:

*alertItem.StartAt,

Inspect shows:

@mmetc mmetc added this to the 1.6.5 milestone Jan 2, 2025
@mmetc
Copy link
Contributor

mmetc commented Jan 2, 2025

It's trivial to do but there is currently a mismatch in formatting because we use Go's standard String() for StartAt, and RFC3339 for CreatedAt.

I think we should use the same formats not only in the db but in the intermediate model, where times are defined as string

@mmetc mmetc self-assigned this Jan 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants