apiVersion: v1
kind: ConfigMap
metadata:
  name: crowdsec-config
  namespace: crowdsec
  labels:
    app: crowdsec
    managedBy: kustomize
    partOf: wild-cloud
data:
  acquis.yaml: |
    filenames:
      - /var/log/containers/traefik-*_traefik_*.log
    force_inotify: true
    poll_without_inotify: true
    labels:
      type: containerd
      program: traefik
  profiles.yaml: |
    name: default_ip_remediation
    debug: false
    filters:
    - Alert.Remediation == true && Alert.GetScope() == "Ip"
    decisions:
    - type: ban
      duration: 4h
    on_success: break
    ---
    name: default_range_remediation
    debug: false
    filters:
    - Alert.Remediation == true && Alert.GetScope() == "Range"
    decisions:
    - type: ban
      duration: 4h
      scope: Range
    on_success: break
  postoverflows.yaml: |
    # Post-overflow configuration for crowdsec
    name: "rdns"
    debug: false
    filter: "evt.Enriched.IsoCode != ''"
    # Add reverse DNS enrichment