CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
Find a file
Thibault bui Koechlin fa12c29598 fix hub url in doc
2020-05-25 18:54:07 +02:00
.github don't make action fail if there is warnings, it's not flawless yet 2020-05-22 11:49:54 +02:00
cmd add missing IPs calculation 2020-05-25 15:22:06 +02:00
config fix dev config 2020-05-22 18:22:43 +02:00
data initial import 2020-05-15 11:39:16 +02:00
docs improve intro again 2020-05-19 14:11:11 +02:00
pkg Merge pull request #22 from crowdsecurity/add_expr_helpers 2020-05-25 12:12:49 +02:00
plugins/backend linter fixes 2020-05-20 18:05:05 +02:00
scripts initial import 2020-05-15 11:39:16 +02:00
tests/scenario initial import 2020-05-15 11:39:16 +02:00
.gitignore Initial commit 2020-05-15 11:38:06 +02:00
go.mod add json support via expr helpers 2020-05-22 18:12:33 +02:00
go.sum add json support via expr helpers 2020-05-22 18:12:33 +02:00
LICENSE Initial commit 2020-05-15 11:38:06 +02:00
Makefile initial import 2020-05-15 11:39:16 +02:00
mkdocs.yml fix hub url in doc 2020-05-25 18:54:07 +02:00
README.md add installation gif 2020-05-22 12:15:49 +02:00
RELEASE.json bump version 2020-05-25 12:18:14 +02:00
wizard.sh fix wizard 2020-05-24 18:40:00 +02:00

⚠️ Crowdsec BETA ⚠️

CrowdSec

📚 Documentation 💠 Hub 💬 Discourse

About the crowdsec project

Crowdsec is an open-source and lightweight software that allows you to detect peers with malevolent behaviors and block them from accessing your systems at various level (infrastructural, system, applicative).

To achieve this, crowdsec reads logs from different sources (files, streams ...) to parse, normalize and enrich them before matching them to threats patterns called scenarios.

Crowdsec is a modular and plug-able framework, it ships a large variety of well known popular scenarios; users can choose what scenarios they want to be protected from as well as easily adding new custom ones to better fit their environment.

Detected malevolent peers can then be prevented from accessing your resources by deploying blockers at various levels (applicative, system, infrastructural) of your stack.

One of the advantages of Crowdsec when compared to other solutions is its crowded aspect : Meta information about detected attacks (source IP, time and triggered scenario) are sent to a central API and then shared amongst all users.

Besides detecting and stopping attacks in real time based on your logs, it allows you to preemptively block known bad actors from accessing your information system.

About this repository

This repository contains the code for the two main components of crowdsec :

  • crowdsec : the daemon a-la-fail2ban that can read, parse, enrich and apply heuristis to logs. This is the component in charge of "detecting" the attacks
  • cscli : the cli tool mainly used to interact with crowdsec : ban/unban/view current bans, enable/disable parsers and scenarios.

⚠️ Beta version

Please note that crowdsec is currently in beta version, use with caution !