crowdsecurity / crowdsec

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
https://crowdsec.net
MIT License

Improvement/crowdsec : provide some kind of variable support #655

Closed dani closed 3 years ago

dani commented 3 years ago

When installing parsers and decisions from the hub, all values (especially bucket capacity and leakspeed) are "hardcoded". It'd be great to have some kind of variable support so I could override those values locally, without having to fork the entire scenario from the hub.

E.g.

type: leaky
name: crowdsecurity/postfix-spam
description: "Detect spammers"
variables:
  # Provide default values
  postfix_leakspeed: 10s
  postfix_capacity: 5
filter: "evt.Meta.log_type_enh == 'spam-attempt' || evt.Meta.log_type == 'postfix' && evt.Meta.action == 'reject'"
leakspeed: $postfix_leakspeed
references:
  - https://en.wikipedia.org/wiki/Spamming
capacity: $postfix_capacity
groupby: evt.Meta.source_ip
blackhole: 1m
[...]

Then in eg /etc/crowdsec/variables.yml, I could override those with

postfix_leakspeed: 120s
postfix_capacity: 3

And those values would take precedence over the variables set in the scenario.
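The precedence rule proposed above (scenario `variables:` supply defaults, a local file overrides them, and `$name` placeholders are replaced with the effective value) can be modelled in a few lines. The following is an added illustration, not CrowdSec's own code and not the mechanism the project eventually shipped; the scenario and override data are constructed inline as Python dicts, standing in for what `yaml.safe_load` would return from the files in the issue, so it runs without PyYAML. It also adds two checks a practitioner would want from such a feature: an override for a variable the scenario never declares is rejected rather than silently ignored (a typo in `variables.yml` would otherwise leave the hub default in force), and a placeholder that names an undeclared variable fails loudly instead of reaching the bucket as the literal string `$postfix_capacity`.

```python
import re
from typing import Any, Dict, Optional

# Constructed stand-in for the hub scenario from the issue (as loaded from YAML).
SCENARIO: Dict[str, Any] = {
    "type": "leaky",
    "name": "crowdsecurity/postfix-spam",
    "description": "Detect spammers",
    "variables": {  # defaults shipped with the scenario
        "postfix_leakspeed": "10s",
        "postfix_capacity": 5,
    },
    "filter": "evt.Meta.log_type_enh == 'spam-attempt' || "
              "evt.Meta.log_type == 'postfix' && evt.Meta.action == 'reject'",
    "leakspeed": "$postfix_leakspeed",
    "references": ["https://en.wikipedia.org/wiki/Spamming"],
    "capacity": "$postfix_capacity",
    "groupby": "evt.Meta.source_ip",
    "blackhole": "1m",
}

# Constructed stand-in for the local /etc/crowdsec/variables.yml from the issue.
LOCAL_OVERRIDES: Dict[str, Any] = {
    "postfix_leakspeed": "120s",
    "postfix_capacity": 3,
}

# A placeholder is a whole string value of the form "$identifier"; expression
# fields such as "filter" are left untouched because they never match this.
VAR_REF = re.compile(r"^\$([A-Za-z_][A-Za-z0-9_]*)$")


class VariableError(ValueError):
    """Raised for undeclared overrides, type mismatches or dangling $refs."""


def effective_variables(scenario: Dict[str, Any],
                        overrides: Dict[str, Any]) -> Dict[str, Any]:
    """Merge local overrides over scenario defaults; overrides win."""
    defaults = dict(scenario.get("variables", {}))
    unknown = set(overrides) - set(defaults)
    if unknown:
        # Reject silently-ignored typos such as "postfix_capcity".
        raise VariableError(f"override for undeclared variable(s): {sorted(unknown)}")
    for name, value in overrides.items():
        if type(value) is not type(defaults[name]):
            # e.g. capacity must stay an int, leakspeed a duration string
            raise VariableError(
                f"override for {name} has type {type(value).__name__}, "
                f"expected {type(defaults[name]).__name__}")
    merged = dict(defaults)
    merged.update(overrides)
    return merged


def _substitute(node: Any, variables: Dict[str, Any]) -> Any:
    """Walk the scenario tree and replace "$name" leaves with their value."""
    if isinstance(node, str):
        match = VAR_REF.match(node)
        if match is None:
            return node
        name = match.group(1)
        if name not in variables:
            raise VariableError(f"reference to undeclared variable ${name}")
        return variables[name]  # keeps the variable's native type (int, str)
    if isinstance(node, dict):
        return {k: _substitute(v, variables) for k, v in node.items()}
    if isinstance(node, list):
        return [_substitute(v, variables) for v in node]
    return node


def render_scenario(scenario: Dict[str, Any],
                    overrides: Optional[Dict[str, Any]] = None) -> Dict[str, Any]:
    """Return the scenario as the engine would see it after substitution."""
    variables = effective_variables(scenario, overrides or {})
    body = {k: v for k, v in scenario.items() if k != "variables"}
    return _substitute(body, variables)


if __name__ == "__main__":
    rendered = render_scenario(SCENARIO, LOCAL_OVERRIDES)
    print(f"leakspeed={rendered['leakspeed']} capacity={rendered['capacity']}")
```

Because substitution returns the variable's native type, `capacity: $postfix_capacity` becomes the integer 3 rather than the string "3", which is what a bucket loader would need; this only works if the defaults in `variables:` are themselves typed correctly in the YAML.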

buixor commented 3 years ago

Hello @dani !

Yes, this is something that will be coming soon, we're going to soon publish a proposal and I will be sure to highlight you to get some feedback :+1:

(Note: it is likely to be something inspired from rfc6902 with some user-friendly sugar coating on top. The idea is to make it trivial to use yet powerful enough.)

buixor commented 3 years ago

Hello @dani,

This thread https://discourse.crowdsec.net/t/request-for-comments-parsers-scenarios-customization-in-the-crowdsec-agent/129 is exactly about that, your feedback would be welcome!

buixor commented 3 years ago

Closing this one as it should be solved by https://github.com/crowdsecurity/crowdsec/issues/660