Introduction
The Central API is the service to which the Local API pushes signal meta-data and from which it receives the community blocklists.
Data exchanged with the Central API
Signal meta-data
Signal meta-data is pushed only when the scenario comes from the hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are not pushed unless enrolled into the console.
When the Security Engine generates an alert, it pushes "signal meta-data" unless you opt out. The meta-data are:
- The name of the scenario that was triggered
- The hash & version of the scenario that was triggered
- The timestamp of the decision
- Your machine_id
- The offending IP address (along with its geoloc info when available)
Scenario list
The community blocklist matches the scenarios deployed on the Security Engine instance. For this reason, the Security Engine provides the list of enabled scenarios during the login process.
Console metrics
To give you more information in the console and for general health monitoring of the project, CrowdSec reports the following data to the Central API:
- name and versions of the deployed Remediation Components
- name and versions of the Security Engines registered to the Local API