Introduction
The CrowdSec Security Engine is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log analysis and threat patterns called scenarios.
CrowdSec is a modular framework, offering a variety of popular scenarios. Users can choose their protection scenarios and deploy Remediation Components to block malicious access.
The crowd-sourced aspect allows sharing attack information among users, enhancing real-time attack detection and preemptive blocking of known bad actors from your system.
Main Features
In addition to the core "detect and react" mechanism, CrowdSec is committed to several other key aspects:
- Easy Installation: Effortless out-of-the-box installation on all supported platforms.
- Simplified Daily Operations: Use cscli and the hub for effortless maintenance and keeping your detection mechanisms up-to-date.
- Reproducibility: The Security Engine can analyze not only live logs but also cold logs, making it easier to detect potential false triggers, conduct forensic analysis, or generate reports.
- Observability: Providing valuable insights into the system's activity:
- Users can view/manage alerts from the (Console).
- Operations personnel have access to detailed Prometheus metrics (Prometheus).
- Administrators can utilize a user-friendly command-line interface tool (cscli).
- API-Centric: All components communicate via an HTTP API, facilitating multi-machine setups.