CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Find a file
AlteredCoder b7096be6e6
fix message to verbose in expr helper (#166)
Co-authored-by: AlteredCoder <AlteredCoder>
2020-07-30 17:12:47 +02:00
.github fix typo in release drafter 2020-07-30 15:59:05 +02:00
cmd Advise user to perform a reload when appropriate (#163) 2020-07-30 12:15:15 +02:00
config updated mysql plugin support (#135) 2020-07-16 16:05:03 +02:00
data initial import 2020-05-15 11:39:16 +02:00
docs fix doc for output plugins (#167) 2020-07-30 17:12:29 +02:00
pkg fix message to verbose in expr helper (#166) 2020-07-30 17:12:47 +02:00
plugins/backend updated mysql plugin support (#135) 2020-07-16 16:05:03 +02:00
scripts Advise user to perform a reload when appropriate (#163) 2020-07-30 12:15:15 +02:00
.gitignore Initial commit 2020-05-15 11:38:06 +02:00
go.mod Simulation support (#136) 2020-07-16 15:59:09 +02:00
go.sum add json support via expr helpers 2020-05-22 18:12:33 +02:00
LICENSE Initial commit 2020-05-15 11:38:06 +02:00
Makefile fix version release 2020-07-29 17:36:59 +02:00
mkdocs.yml fix doc for output plugins (#167) 2020-07-30 17:12:29 +02:00
README.md fix README typo 2020-07-28 15:46:08 +02:00
RELEASE.json remove requirement for version in RELEASE.json, the version is guessed from the git tag (#64) 2020-06-03 15:59:13 +02:00
wizard.sh remove data folder from release and fix binary size (#160) 2020-07-29 17:14:32 +02:00

⚠️ Crowdsec BETA ⚠️

CrowdSec

Coverage Status

📚 Documentation 💠 Hub 💬 Discourse

About the crowdsec project

Crowdsec is an open-source and lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various levels (infrastructural, system, applicative).

To achieve this, Crowdsec reads logs from different sources (files, streams ...) to parse, normalize and enrich them before matching them to threats patterns aka scenarios.

Crowdsec is a modular and plug-able framework, it ships a large variety of well known popular scenarios; users can choose what scenarios they want to be protected from as well as easily add new custom ones to better fit their environment.

Detected malevolent peers can then be prevented from accessing your resources by deploying blockers at various levels (applicative, system, infrastructural) of your stack.

One of the advantages of Crowdsec when compared to other solutions is its crowded aspect : Meta information about detected attacks (source IP, time and triggered scenario) are sent to a central API and then shared amongst all users.

Besides detecting and stopping attacks in real time based on your logs, it allows you to preemptively block known bad actors from accessing your information system.

Install it !

Find the latest release

Ensure you have dependencies :

for Debian based distributions
apt-get install bash gettext whiptail curl wget
for RedHat based distributions
yum install bash gettext newt curl wget
curl -s https://api.github.com/repos/crowdsecurity/crowdsec/releases/latest | grep browser_download_url| cut -d '"' -f 4  | wget -i -
tar xvzf crowdsec-release.tgz
cd crowdsec-v*
sudo ./wizard.sh -i

Key points

Fast assisted installation, no technical barrier

User is assisted during setup, providing functional out-of-the-box setup

Out of the box detection

Baseline detection is effective out-of-the-box, no fine-tuning required (click to expand)

Easy blocker deployment

It's trivial to add blockers to enforce decisions of crowdsec (click to expand)

Easy dashboard access

It's easy to deploy a metabase interface to view your data simply with cscli (click to expand)

About this repository

This repository contains the code for the two main components of crowdsec :

  • crowdsec : the daemon a-la-fail2ban that can read, parse, enrich and apply heuristis to logs. This is the component in charge of "detecting" the attacks
  • cscli : the cli tool mainly used to interact with crowdsec : ban/unban/view current bans, enable/disable parsers and scenarios.

⚠️ Beta version

Please note that crowdsec is currently in beta version, use with caution !