Document "How to silence alerts/decisions for IPs that already have decisions" #681

Open
buixor opened this issue Nov 20, 2024 · 1 comment

Comments

@buixor
Contributor

buixor commented Nov 20, 2024

cf. https://www.reddit.com/r/CrowdSec/comments/1gvby56/why_are_alertsdecisions_being_shown_for_something/

@LaurenceJJones
Contributor

Me and @blotus discussed this after daily: even with the ActiveDecisionsCount helper you can never silence the alert. You can avoid making a decision, but any alerts that get sent to LAPI are documented and will be sent to the console no matter what.

In my own opinion, if an alert is generated you would only want to silence a notification, not an alert, as there is useful context information that you might want to know or explore, e.g. I have an application and somebody is exploiting an old vulnerability. Yes, this would inflate the noise on your console account, but we currently have no way to mark an alert to not be sent within CrowdSec.
