crowdsec/README.md

2020-05-15 16:23:34 +00:00
<p align="center">
<img src="docs/assets/images/crowdsec_logo1.png" alt="CrowdSec" title="CrowdSec" />
</p>
<p align="center">
<img src="https://github.com/crowdsecurity/crowdsec/workflows/Go/badge.svg">
<img src="https://github.com/crowdsecurity/crowdsec/workflows/build-binary-package/badge.svg">
</p>
<p align="center">
:books: <a href="https://doc.crowdsec.net">Documentation</a>
:diamond_shape_with_a_dot_inside: <a href="https://hub.crowdsec.net">Hub</a>
:speech_balloon: <a href="https://discourse.crowdsec.net">Discourse</a>
</p>
## About the crowdsec project
Crowdsec is open-source, lightweight software that detects peers with malevolent behaviors and blocks them from accessing your systems at various levels (infrastructure, system, application).
To achieve this, crowdsec reads logs from different sources (files, streams, ...) and parses, normalizes and enriches them before comparing them to scenarios.
Scenarios describe attacks at varying levels of specificity, ultimately allowing malevolent actors to be reported and further action to be taken, such as blocking, reporting or throttling.
One of the advantages of Crowdsec compared to other solutions is its crowd-sourced aspect: meta-information about detected attacks (source IP, time and triggered scenario) is sent to a central API and then shared among all users.
Besides detecting and stopping attacks in real time based on your logs, it allows you to preemptively block known malevolent actors from accessing your information system.
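The pipeline described above (parse a raw log line into a normalized event, evaluate it against a scenario, emit a decision, then consult the decision list before a peer is served) can be shown end to end in a few dozen lines. The following Go program is an added example written for this README; it is not crowdsec's own code, and its types (`Event`, `Scenario`, `Decision`), its `ssh-bf` scenario (5 authentication failures from one source within a minute, blocked for 4 hours) and the sshd log lines it runs over are all constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"time"
)

// Event is what a parser hands to the scenario engine: the raw line reduced to
// the fields a rule needs. Field names are this example's own, not crowdsec's.
type Event struct {
	Source    string    // IP the line was about
	Service   string    // program that wrote the line
	Outcome   string    // normalized meaning, e.g. "auth_failure"
	Timestamp time.Time
}

// Constructed regex for OpenSSH "Failed password" syslog lines.
var sshdFailed = regexp.MustCompile(
	`^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) port \d+`)

// ParseSSHD normalizes one syslog line; ok is false for lines this parser does
// not understand (they are simply not events for this scenario). Syslog lines
// carry no year, so the caller supplies it.
func ParseSSHD(line string, year int) (Event, bool) {
	m := sshdFailed.FindStringSubmatch(line)
	if m == nil {
		return Event{}, false
	}
	ts, err := time.Parse("Jan _2 15:04:05", m[1])
	if err != nil {
		return Event{}, false
	}
	return Event{
		Source:    m[2],
		Service:   "sshd",
		Outcome:   "auth_failure",
		Timestamp: ts.AddDate(year, 0, 0), // time.Parse without a year yields year 0
	}, true
}

// Scenario is a simplified "N matching events from one source within a window" rule.
type Scenario struct {
	Name      string
	Outcome   string
	Threshold int
	Window    time.Duration
}

// Decision records a source that triggered a scenario and how long it stays blocked.
type Decision struct {
	Source   string
	Scenario string
	Until    time.Time
}

// Evaluate keeps a sliding window of matching timestamps per source over
// time-ordered events and emits one decision the first time a source crosses
// the threshold.
func Evaluate(events []Event, s Scenario, banFor time.Duration) []Decision {
	seen := map[string][]time.Time{}
	banned := map[string]bool{}
	var out []Decision
	for _, e := range events {
		if e.Outcome != s.Outcome || banned[e.Source] {
			continue
		}
		cut := e.Timestamp.Add(-s.Window)
		ts := seen[e.Source]
		i := 0
		for i < len(ts) && !ts[i].After(cut) { // drop timestamps that fell out of the window
			i++
		}
		ts = append(ts[i:], e.Timestamp)
		seen[e.Source] = ts
		if len(ts) >= s.Threshold {
			banned[e.Source] = true
			out = append(out, Decision{Source: e.Source, Scenario: s.Name, Until: e.Timestamp.Add(banFor)})
		}
	}
	return out
}

// Run is the whole pipeline over raw lines: parse, order by time, evaluate.
func Run(lines []string, year int, s Scenario, banFor time.Duration) []Decision {
	var events []Event
	for _, l := range lines {
		if e, ok := ParseSSHD(l, year); ok {
			events = append(events, e)
		}
	}
	sort.Slice(events, func(i, j int) bool { return events[i].Timestamp.Before(events[j].Timestamp) })
	return Evaluate(events, s, banFor)
}

// IsBlocked is the preemptive side: a decision list (produced locally or, in
// crowdsec, received from the central API) is consulted before the peer is served.
func IsBlocked(decisions []Decision, ip string, now time.Time) bool {
	for _, d := range decisions {
		if d.Source == ip && now.Before(d.Until) {
			return true
		}
	}
	return false
}

// sampleLog is constructed for this example; the addresses are documentation ranges.
var sampleLog = []string{
	"Jan 10 10:00:01 gw sshd[1234]: Failed password for root from 203.0.113.5 port 40001 ssh2",
	"Jan 10 10:00:02 gw sshd[1235]: Failed password for alice from 198.51.100.7 port 40002 ssh2",
	"Jan 10 10:00:03 gw sshd[1236]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2",
	"Jan 10 10:00:04 gw sshd[1237]: Accepted publickey for bob from 198.51.100.9 port 40004 ssh2",
	"Jan 10 10:00:05 gw sshd[1238]: Failed password for root from 203.0.113.5 port 40005 ssh2",
	"Jan 10 10:00:07 gw sshd[1239]: Failed password for invalid user test from 203.0.113.5 port 40006 ssh2",
	"Jan 10 10:00:09 gw sshd[1240]: Failed password for root from 203.0.113.5 port 40007 ssh2",
	"Jan 10 10:30:00 gw sshd[1241]: Failed password for alice from 198.51.100.7 port 40008 ssh2",
}

var sshBruteForce = Scenario{Name: "ssh-bf", Outcome: "auth_failure", Threshold: 5, Window: time.Minute}

func main() {
	for _, d := range Run(sampleLog, 2020, sshBruteForce, 4*time.Hour) {
		fmt.Printf("%s triggered %s, blocked until %s\n", d.Source, d.Scenario, d.Until.Format(time.RFC3339))
	}
}
```

Only 203.0.113.5 produces a decision: its five failures fall inside one minute, while 198.51.100.7 has two failures half an hour apart and the accepted login is never an event at all. The sliding window is what keeps a slow, steady trickle of failures from accumulating forever, and the `banned` map is what keeps one noisy source from producing a new decision on every subsequent line.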
## About this repository
This repository contains the code for the two main components of crowdsec:
- `crowdsec`: the fail2ban-like daemon that reads, parses and enriches logs and applies heuristics to them. This is the component in charge of "detecting" the attacks.
- `cscli`: the CLI tool mainly used to interact with crowdsec: ban/unban/view current bans, enable/disable parsers and scenarios.