Gabesville/Docker-Compose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml

Browse Source
This commit is contained in:
Gabe
2026-05-15 02:57:27 +00:00
parent dbea3dcf05
commit 6c6612c582
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Security_Containers/crowdsec/postoverflows/s01-whitelist/geoip-allow.yaml
+5 -4
View File
@@ -1,7 +1,8 @@
name: crowdsecurity/geoip-allow-us-de name: crowdsecurity/geoip-allow-us-de
description: "Block all countries except US and Germany" description: "Block all countries except US and Germany"
filter: "evt.Enriched.IsoCode != 'US' && evt.Enriched.IsoCode != 'DE'" filter: "evt.Enriched.IsoCode != 'US' && evt.Enriched.IsoCode != 'DE'"
blackhole: 1m whitelist:
labels: reason: "GeoIP block - country not in allowlist"
type: geo_block expression:
remediation: true - "evt.Enriched.IsoCode == 'US'"
- "evt.Enriched.IsoCode == 'DE'"