Skip to main content

CrowdSec Hub

The CrowdSec Hub serves as a repository where individuals can access an array of premade configuration files.

These resources are developed by both the CrowdSec team and the broader community, offering a ready-to-use collection for integrating into your own configurations.

Hub Tour

The Hub is divided into many sections, each of which is designed to help you find the right configuration for your needs.

CrowdSec HubCrowdSec Hub

Collections Tab

Collections refers to a set of configurations intended to operate in unison. For instance, the crowdsecurity/sshd collection includes settings aimed at overseeing attacks towards a SSH server.

CrowdSec sshd collectionCrowdSec sshd collection

You can see the contents of the collection by viewing the Content section.

CrowdSec sshd collection contentCrowdSec sshd collection content

As illustrated above, the sshd collection encompasses a parser along with scenarios focused on brute force attacks.

Configurations Tab

The configurations tab holds individual files that can be used with your CrowdSec setup. Each item will include tags to help you identify the intended use case.

CrowdSec configurationsCrowdSec configurations

For example apache_log4j2_cve-2021-44228 is a Attack scenario that is designed to detect attacks related to the Apache Log4j2 CVE-2021-44228 vulnerability.

CrowdSec apache_log4j2_cve-2021-44228CrowdSec apache_log4j2_cve-2021-44228

Another example is crowdsecurity/nginx-logs which is a Log parser that is designed to parse Nginx logs.

CrowdSec nginx-logsCrowdSec nginx-logs
info

There are more configuration types other than Attack scenario and Log parser. However, these are the most common types.

Bouncers Tab

info

The term Bouncers has been updated to Remediation Components in the Taxonomy.

However, legacy items might still use the term bouncers just know that they are the same thing.

This tab contains Remediation Components that can be used to enforce decisions made by CrowdSec Security Engine.

CrowdSec bouncersCrowdSec bouncers

For example, crowdsecurity/iptables is a Remediation Component that can be used to block IP addresses using iptables.

info

Please note the download figures are solely from GitHub metrics and do not include downloads from other sources.

AppSec Configurations Tab

info

From version 1.6.0 CrowdSec introduced the AppSec Component which allows you to turn CrowdSec into a Web Application Firewall (WAF).

AppSec configurations are designed to configure the AppSec Component, it provides sensible defaults for various web applications.

CrowdSec AppSec configurationsCrowdSec AppSec configurations

AppSec Rules Tab

AppSec Rules are designed to be used with the AppSec Component to detect and block attacks against web applications.

These rules are defined and loaded by AppSec Configurations.

CrowdSec AppSec rulesCrowdSec AppSec rules

Next Steps?

Now that you have viewed the CrowdSec Hub, you can head back to the post installation steps to follow the rest of the steps.

CrowdSec ConsoleCrowdSec Console