Date: 2024-09-18

CrowdSec is an open-source solution that offers crowdsourced protection against malicious IPs.

CrowdSec features

For this project, the developers have two objectives:

Provide free top-quality intrusion detection and protection software. The community participates in creating new detection rules as new vulnerabilities are uncovered.

Share and validate the attackers’ IPs with the network participants to render hackers’ resources useless as soon as possible. A consensus system gives a real-time actionable blocklist with no false positives.

“CrowdSec offers an ever-expanding collection of behavior detection capabilities that other products simply don’t have, thanks to our community’s contributions. Our solution stands out from the basic brute force detection available in most tools to more advanced detection like spamming, scalping, and lateral movement in Kubernetes clusters,” Julien Devouassoud, Deputy CTO at CrowdSec, told Help Net Security.

“All users benefit from a community-driven blocklist that is updated hourly to prevent known attackers from accessing the network, helping save resources and reducing the likelihood of breaches by mitigating mass attacks. Our AppSec feature includes virtual patching rules, transforming your CrowdSec installation into a personalized Web Application Firewall (WAF) for even greater protection,” Devouassoud added.

Key benefits

Installation is fast, with an automated initial configuration that works out-of-the-box.

Ready-to-use detection: Baseline detection is enabled immediately without fine-tuning.

Adding bouncers to enforce CrowdSec’s decisions is straightforward.

Dashboard access: Deploy a Metabase interface to visualize your data with a single command using cscli.

Hot and cold log processing: Process cold logs for forensics, testing, and identifying false positives and negatives.

Future plans and download

“Thanks to our data science team, we’re making a lightweight AI model that will be able to detect suspicious changes in your ingress behavior locally. It comes as complementary protection against yet unknown vulnerabilities,” said Devouassoud.

“The idea is to grow our community as big as possible with an efficient and transparent tool. We want users to be assured that the only info they share with the network is about the attacker: attacker IP, scenario of attack, and time of attack, and that’s why we’re open-source.”

CrowdSec is available for free on GitHub.

