CrowdSec

CrowdSec is a free, modern and collaborative behavior detection engine, coupled with a global IP reputation network. It builds on Fail2Ban's philosophy but is IPv6 compatible and 60x faster (Go vs Python), uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM based infrastructures (by decoupling detection and remediation). Once a threat is detected, you can remediate it with various bouncers (firewall block, nginx HTTP 403, captchas, etc.), while the aggressive IPs can be sent to CrowdSec for curation before being shared among all users to further strengthen the community.
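As an added example (not CrowdSec's own code), the Python below models the pipeline this paragraph describes: a regex standing in for a Grok pattern parses constructed sshd-style lines, a leaky bucket with the capacity/leak-speed knobs a YAML scenario would declare turns repeated failures into a decision, and a separate bouncer consults only the decisions. The log format, scenario values and function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Stand-in for a Grok pattern: pull timestamp (seconds) and source IP out of a
# constructed sshd-style line. Field names and line format are hypothetical.
FAILED_LOGIN = re.compile(
    r"^t=(?P<ts>\d+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>[0-9a-fA-F.:]+)$"
)

# Hypothetical scenario knobs, mirroring what a YAML scenario declares:
# bucket capacity, leak speed, and how long a resulting decision lasts.
SCENARIO = {"name": "ssh-bf", "capacity": 5, "leakspeed": 2.0, "ban_seconds": 14400}

@dataclass
class LeakyBucket:
    capacity: int
    leakspeed: float      # seconds it takes one event to leak out of the bucket
    level: float = 0.0
    last_ts: float = 0.0

    def add(self, ts: float) -> bool:
        """Drain for the elapsed time, pour one event in; True on overflow."""
        self.level = max(0.0, self.level - (ts - self.last_ts) / self.leakspeed)
        self.last_ts = ts
        self.level += 1
        return self.level > self.capacity

def parse(line: str):
    m = FAILED_LOGIN.match(line)
    return (int(m["ts"]), m["ip"]) if m else None

def detect(lines) -> dict:
    """Detection side: replay log lines, return {ip: ban_expiry_ts} decisions."""
    buckets, decisions = {}, {}
    for line in lines:
        ev = parse(line)
        if ev is None:          # not a failed-login event, ignore it
            continue
        ts, ip = ev
        b = buckets.setdefault(ip, LeakyBucket(SCENARIO["capacity"], SCENARIO["leakspeed"]))
        if b.add(ts):
            decisions[ip] = ts + SCENARIO["ban_seconds"]
            buckets.pop(ip)     # an overflowed bucket is discarded and starts fresh
    return decisions

def bouncer_allows(decisions: dict, ip: str, now: float) -> bool:
    """Remediation side: a bouncer only consults decisions, never the raw logs."""
    return decisions.get(ip, 0) <= now

# Constructed input: ten failures one second apart from one IP, a stray failure, a success.
CONSTRUCTED_LOGS = [f"t={i} sshd[1]: Failed password for root from 203.0.113.7" for i in range(10)]
CONSTRUCTED_LOGS += ["t=100 sshd[1]: Failed password for invalid user bob from 198.51.100.9",
                     "t=101 sshd[1]: Accepted publickey for alice from 192.0.2.1"]
```

With a leak of one event per two seconds, the tenth failure at t=9 overflows the bucket of capacity 5, so the bouncer refuses 203.0.113.7 until t=14409 while the single stray failure from 198.51.100.9 never produces a decision.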

Crowdsec: A Collective Intelligence Based Security Tool


Introduction


Crowdsec is a collective-intelligence-based security tool that leverages the power of community-driven threat detection. It uses machine learning and anomaly detection to identify potential threats in real time, without relying on signatures or rules.


Key Features


  • Fast assisted installation: Initial configuration is automated, providing a functional out-of-the-box setup.
  • Out-of-the-box detection: Baseline detection is effective out-of-the-box, no fine-tuning required.
  • Easy bouncer deployment: It's trivial to add bouncers to enforce crowdsec's decisions.
  • Easy dashboard access: It's easy to deploy a Metabase interface to view your data simply with cscli.
  • Hot & cold logs: Process cold logs for forensics, tests and chasing false positives & false negatives.

Benefits


  • No technical barrier: Initial configuration is automated, providing a functional out-of-the-box setup.
  • Effective threat detection: Baseline detection is effective out-of-the-box, no fine-tuning required.
  • Easy to use: Trivial to add bouncers and enforce decisions of crowdsec.

Repository


This repository contains the code for the two main components of crowdsec:

  • crowdsec: The daemon, à la fail2ban, that can read, parse, enrich and apply heuristics to logs. This is the component in charge of "detecting" the attacks.
  • cscli: The CLI tool mainly used to interact with crowdsec: ban/unban/view current bans, enable/disable parsers and scenarios.

Contributing


If you wish to contribute to the core of crowdsec, you are welcome to open a PR in this repository.

If you wish to add a new parser, scenario or collection, please open a PR in the hub repository.

If you wish to contribute to the documentation, please open a PR in the documentation repository.
