crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License
8.37k stars, 429 forks

Prometheus: expose machine_id in alert metrics #3125

Open seamus-45 opened 1 month ago

seamus-45 commented 1 month ago

What would you like to be added?

Add some context for alert metrics, like the machine name. This will make it possible to better see the attack vector on Grafana dashboards.

The current query is `sum(cs_alerts{instance="$instance"})` on the Crowdsec Details per instance dashboard, and it displays 0 alerts on agent nodes when the local DB is disabled. When I change it to `sum(cs_alerts{})`, all alerts from all instances are displayed. It would be better if we could see the source of alerts, like `sum(cs_alerts{}) by (alert_source)`, if such data were available.

Why is this needed?

Prometheus alert metrics become useless when the engine is switched to agent mode (with a centralized LAPI), as they come from the local DB even if the local LAPI server is disabled.

github-actions[bot] commented 1 month ago

@seamus-45: Thanks for opening an issue, it is currently awaiting triage.

In the meantime, you can:

  1. Check Crowdsec Documentation to see if your issue can be self resolved.
  2. You can also join our Discord.
  3. Check Releases to make sure your agent is on the latest version.

I am a bot created to help the [crowdsecurity](https://github.com/crowdsecurity) developers manage community feedback and contributions. You can check out my [manifest file](https://github.com/crowdsecurity/crowdsec/blob/master/.github/governance.yml) to understand my behavior and what I can do. If you want to use this for your project, you can check out the [BirthdayResearch/oss-governance-bot](https://github.com/BirthdayResearch/oss-governance-bot) repository.

github-actions[bot] commented 1 month ago

@seamus-45: There is no 'kind' label on this issue. You need a 'kind' label to start the triage process.

seamus-45 commented 1 month ago

/kind enhancement