Crowdsec Improvements #324
Description
1) UI: split Channel / Notify by Connection type
Allow configuring Channel and Notify on/off per connection type (example discussion in Discord).
Use case: different delivery targets depending on how the notifier is configured (and/or which downstream channel should receive security alerts).
2) Payload: additional metadata fields
Add these fields to the notifiarr discord notification options
meta.target_domain— targeted hostname/vhost (which site in SWAG)meta.method— HTTP verb(s) (GET/POST/etc.)meta.status— HTTP status code(s) (444/403/401/etc.)meta.target_uri— top 1–3 requested paths that triggeredmeta.user_agent— user-agent (trimmed)start_at— first-seen for this alert windowstop_at— last-seen for this alert window (separate field; not embedded in message only)leakspeed— scenario detection window/rate context (e.g.,10s)source.as_number— ASN number (stable attribution; complements org name)uuid— alert ID (dedupe/correlation across notifiers)decisions[0].uuid— decision ID (correlate/remove/allowlist precisely)decisions[0].scope— explicit scope (Ip/Range/Country) shown even if implied today
Notes / Implementation expectations
meta.user_agentshould be trimmed/sanitized to avoid excessive payload size.meta.target_urishould be top N (1–3) to keep payload small.start_at/stop_atshould be explicit timestamps, not only embedded inside a formatted message string.