cscli parsers install crowdsecurity/actual-budget-whitelistWhen loading the homepage of an Actual Budget instance, even before logging in, requests for database migrations are made (/data/migrations/<migration-name>.sql). Files ending in .sql are non static files which will trigger http-crawl-non_statics and are also sensitive files which will trigger http-sensitive-files if this whitelist is not used.
1name: crowdsecurity/actual-budget-whitelist2description: "Whitelist events from actual budget"3filter: "evt.Meta.service == 'http' && evt.Meta.log_type in ['http_access-log', 'http_error-log']"4whitelist:5 reason: "Actual Budget whitelist"6 expression:7 - evt.Meta.http_status in ['200', '304'] && evt.Meta.http_verb == 'GET' && evt.Meta.http_path matches '^\\/data\\/migrations\\/([A-Za-z0-9\\-\\_]+)\\.sql$' # When loading database migrations8