Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
When reviewing CrowdSec alerts in the OPNsense UI, the alerts grid only shows high-level information (IP, scenario, timestamp). To understand the full context of an alert — its triggered events, associated decisions, origin, and scenario details — you currently have to SSH into the firewall and run cscli alerts inspect <id> manually. This makes alert triage slow and requires CLI access that many users may not have or want to use.
Describe the solution you'd like
Add an inspect button to each row in the CrowdSec alerts grid. When clicked, it opens a modal showing the full alert details — triggered events, associated decisions, scenario, and origin — equivalent to what cscli alerts inspect <id> returns on the CLI. Numeric alert IDs are validated before being passed to configdRun to prevent injection.
Describe alternatives you've considered
The only current alternative is CLI access via cscli alerts inspect. There is no way to get this information from the OPNsense web UI at all, so the modal is the most natural fit — no other UI pattern would expose this level of detail without leaving the page.
Additional context
See PR #5306
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
When reviewing CrowdSec alerts in the OPNsense UI, the alerts grid only shows high-level information (IP, scenario, timestamp). To understand the full context of an alert — its triggered events, associated decisions, origin, and scenario details — you currently have to SSH into the firewall and run
cscli alerts inspect <id>manually. This makes alert triage slow and requires CLI access that many users may not have or want to use.Describe the solution you'd like
Add an inspect button to each row in the CrowdSec alerts grid. When clicked, it opens a modal showing the full alert details — triggered events, associated decisions, scenario, and origin — equivalent to what
cscli alerts inspect <id>returns on the CLI. Numeric alert IDs are validated before being passed toconfigdRunto prevent injection.Describe alternatives you've considered
The only current alternative is CLI access via
cscli alerts inspect. There is no way to get this information from the OPNsense web UI at all, so the modal is the most natural fit — no other UI pattern would expose this level of detail without leaving the page.Additional context
See PR #5306