Details page
Introductionβ
This page will reference information about a specific Security Engine. This page is your one-stop resource for understanding everything related to the Security Engine you're interested in.
Usageβ
Summaryβ
At the top of the page, the essential information regarding the Security Engine is referenced. This includes the IP address, ID, last activity, tags, and the current version. This page will notify if the Security Engine is not running the latest CrowdSec version. To identify outdated Security Engines, you can also utilize the Troubleshooting feature.
Quick actions are available from the summary to apply changes to your Security Engine.
Remediation componentsβ
The remediation component in CrowdSec will apply either the decisions made by CrowdSec, the blocklists or the custom decisions.
Metricsβ
Starting from version 1.6.3, CrowdSecβs remediation components now display detailed metrics. These metrics provide valuable insights into the number of traffic drops and the volume of traffic processed by each remediation component.
To access a detailed view of these metrics, simply click the Get More Info button on any active remediation component card. This will show you the effectiveness of each decision made by the Security Engine, based on the installed blocklists.
In the same modal, you can view the active decisions. This section provides information about the number of decisions made by each source of decisions.
Inactive remediation componentsβ
Remediation components are meant to block attackers. Having inactive remediation component can compromise the security of your Security Engine, as they cannot apply decisions.
Blocklistsβ
The Blocklists section will display all blocklists associated with the Security Engine. This section will provide information about the blocklist, including the number of IPs, the last update, and the number of false positives.
See the blocklist documentation to install your first one.
Scenariosβ
To view all installed scenarios on the Security Engine, navigate to the Scenarios section. Here, each scenario will display the triggered alerts, easily accessible on the HUB with just one click.
For additional scenarios, visit the CrowdSec HUB.
By clicking on a scenario, you can access essential information about the scenario and be redirected to the corresponding page in the CrowdSec HUB. This provides direct access to the necessary details.
Log Processorsβ
The Log Processors section will only be displayed if the Security Engines have multiple log processors, indicating a Distributed Setup. Here, you can access all essential information regarding the log processors and their current version.
A warning will be displayed if any Security Engine has an outdated version.
