cscli alerts list -i not showing all alerts
Maybe there is a misunderstanding on my side but it looks like
Alert-IDs 1180, 1181, 1184 are missing from the 2nd listing.
But each has a
According to
So shouldn't the alerts 1180, 1181, 1184 be included?
cscli alerts list -icscli alerts list
│ ID │ value │ reason
[...]
│ 1185 │ Ip:52.169.252.59 │ crowdsecurity/http-admin-interface-probing
│ 1184 │ Ip:52.169.252.59 │ crowdsecurity/generic-wordpress-uploads-php
│ 1183 │ Ip:52.169.252.59 │ crowdsecurity/http-wordpress-scan
│ 1182 │ Ip:52.169.252.59 │ crowdsecurity/appsec-vpatch
│ 1181 │ Ip:52.169.252.59 │ crowdsecurity/generic-wordpress-uploads-php
│ 1180 │ Ip:52.169.252.59 │ crowdsecurity/generic-wordpress-uploads-listing
│ 1179 │ Ip:52.169.252.59 │ crowdsecurity/http-crawl-non_statics
│ 1178 │ Ip:52.169.252.59 │ crowdsecurity/http-backdoors-attempts
│ 1177 │ Ip:52.169.252.59 │ crowdsecurity/http-probing
│ 1176 │ Ip:52.169.252.59 │ crowdsecurity/crowdsec-appsec-outofband
[...]cscli alerts list -i 52.169.252.59
│ ID │ value │ reason
│ 1185 │ Ip:52.169.252.59 │ crowdsecurity/http-admin-interface-probing
│ 1183 │ Ip:52.169.252.59 │ crowdsecurity/http-wordpress-scan
│ 1182 │ Ip:52.169.252.59 │ crowdsecurity/appsec-vpatch
│ 1179 │ Ip:52.169.252.59 │ crowdsecurity/http-crawl-non_statics
│ 1178 │ Ip:52.169.252.59 │ crowdsecurity/http-backdoors-attempts
│ 1177 │ Ip:52.169.252.59 │ crowdsecurity/http-probing
│ 1176 │ Ip:52.169.252.59 │ crowdsecurity/crowdsec-appsec-outofbandAlert-IDs 1180, 1181, 1184 are missing from the 2nd listing.
But each has a
- Scope:Value : Ip:52.169.252.59cscli alerts inspect 1180According to
cscli alerts list -h-i, --ip string restrict to alerts from this source ip (shorthand for --scope ip --value <IP>)So shouldn't the alerts 1180, 1181, 1184 be included?
