"
I've never used Crowdsec before so this may not be the best solution, but what I did was run
which creates a whitelist.yaml file in
/usr/local/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity
then I edited that file to whatever I desire. After restarting Crowdsec it shows as 'enabled,tainted' but I guess 'tainted' just means the default auto-generated config was updated. It seems to be working
Code Select
cscli parsers install crowdsecurity/whitelistswhich creates a whitelist.yaml file in
/usr/local/etc/crowdsec/hub/parsers/s02-enrich/crowdsecurity
then I edited that file to whatever I desire. After restarting Crowdsec it shows as 'enabled,tainted' but I guess 'tainted' just means the default auto-generated config was updated. It seems to be working
