Skip to main content
Version: v1.2

Introduction

The central API is the service where the local API pushes signal meta-data and from where it receives the community blocklists.

Data exchanged with the central API#

Signal meta-data#

info

This information is only going to be pushed when a scenario is coming from the Hub and is unmodified. Custom scenarios, tainted scenarios and manual decisions are not pushed

When CrowdSec blocks an attack, unless you opt-out of it, it is going to push "signal meta-data". Those meta-data are:

  • The name of the scenario that was triggered
  • The hash & version of the scenario that was triggered
  • The timestamp of the decision
  • Your machine_id
  • The offending IP (along with its geolocation information when available)

Scenario list#

The community blocklist matches scenarios deployed on the CrowdSec instance. For this reason, CrowdSec provides the list of enabled scenarios (from the Hub only) during the login process.

Console metrics#

With the upcoming release of the console and for general health monitoring of the project, CrowdSec reports the following information to the central API:

  • name and versions of deployed bouncers
  • name and versions of registered CrowdSec agents to the local API