crowdsec v0.3 releases: open-source and lightweight software
About the crowdsec project
Crowdsec is open-source, lightweight software that detects peers with malevolent behavior and blocks them from accessing your systems at various levels (infrastructure, system, application).
To achieve this, Crowdsec reads logs from different sources (files, streams, ...) and parses, normalizes and enriches them before matching them against threat patterns, aka scenarios.
It is a modular and pluggable framework that ships with a large variety of well-known scenarios; users can choose which scenarios they want to be protected against and can easily add custom ones to better fit their environment.
Detected malevolent peers can then be prevented from accessing your resources by deploying blockers at various levels (application, system, infrastructure) of your stack.
One of the advantages of Crowdsec over other solutions is its crowdsourced aspect: meta information about detected attacks (source IP, time and triggered scenario) is sent to a central API and then shared among all users.
Besides detecting and stopping attacks in real time based on your logs, this lets you preemptively block known bad actors from accessing your information system.
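As an added illustration of the pipeline just described (parse and normalize a log line, enrich it, match it against a scenario, produce a decision), here is a small Python model written for this page; it is not crowdsec's own code. The sshd-style log lines, the known-bad range and the thresholds are constructed, and `ip_in_range` stands in for the kind of IP-in-range expr helper listed among this release's changes.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime
# Constructed sshd-style auth lines (not real logs); the year is assumed to be 2020.
SAMPLE_LOGS = [
    "Jul 10 12:00:01 host sshd[101]: Failed password for root from 198.51.100.7 port 4000 ssh2",
    "Jul 10 12:00:02 host sshd[101]: Failed password for root from 198.51.100.7 port 4001 ssh2",
    "Jul 10 12:00:03 host sshd[101]: Failed password for admin from 198.51.100.7 port 4002 ssh2",
    "Jul 10 12:00:04 host sshd[102]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2",
    "Jul 10 12:00:05 host sshd[103]: Failed password for bob from 203.0.113.9 port 6000 ssh2",
]
FAILED_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (?P<ip>[\d.]+) port")
# Constructed range standing in for the known-bad IPs shared through the central API.
KNOWN_BAD_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

def parse(line):
    """Parse and normalize one line into an event, or None if it is not a failed auth."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime("2020 " + m.group("ts"), "%Y %b %d %H:%M:%S")
    return {"ts": ts, "log_type": "ssh_failed-auth", "source_ip": m.group("ip")}

def ip_in_range(ip, net):
    return ipaddress.ip_address(ip) in net  # what an "IP in ipRange" expr helper checks

def enrich(evt):
    """Enrichment step: flag events whose source falls inside a known-bad range."""
    evt["known_bad"] = any(ip_in_range(evt["source_ip"], n) for n in KNOWN_BAD_RANGES)
    return evt

def run_scenarios(lines, capacity=3, window_s=60):
    """Return {source_ip: reason}; 'ssh-bf' fires at `capacity` failures within `window_s` seconds."""
    decisions, buckets = {}, defaultdict(deque)
    for line in lines:
        evt = parse(line)
        if evt is None:
            continue  # not a failed auth: nothing for these scenarios to match
        ip = enrich(evt)["source_ip"]
        if evt["known_bad"]:
            decisions.setdefault(ip, "known-bad-range")  # preemptive block of a known bad actor
        q = buckets[ip]
        q.append(evt["ts"])
        while (evt["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()  # forget failures that fell out of the window
        if len(q) >= capacity:
            decisions.setdefault(ip, "ssh-bf")
    return decisions
```

Running `run_scenarios(SAMPLE_LOGS)` yields a bruteforce decision for 198.51.100.7 and a preemptive one for 203.0.113.9, while the successful login from 192.0.2.10 produces nothing.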
- Fast assisted installation, no technical barrier
- Out-of-the-box detection
- Easy blocker deployment
- Easy dashboard access
This repository contains the code for the two main components of crowdsec:
- crowdsec: the fail2ban-like daemon that reads, parses, enriches and applies heuristics to logs. This is the component in charge of "detecting" attacks.
- cscli: the CLI tool used mainly to interact with crowdsec: ban/unban/view current bans, enable/disable parsers and scenarios.
- Add support for MySQL databases (#135): documentation
- Add simulation support for scenarios (#136): documentation
- Support multiple args for all cscli upgrade/install/remove commands (#132)
- Add ability to filter 'ban list' output (--ip, --range, --as, --country, --reason) (#115)
- Unify prometheus metrics and stick to conventions: documentation
- Database: support automatic db flushing to control the DB's size (#91)
- Add expr helper to check if IP is in ipRange (#113)
- Add debug expr (#168)
- Add output raw for ban list (#108)
- Allow comments with # in expr wordlists (#125)
- Add the ability to limit the size of the array returned by cscli ban list (#129)
- Fix multi runners: only run several parsers for now (#98)
- Fix crash if there is no source in events leading to overflow (#96)
- Fix empty machineid (#95)
- Fix backup/restore not backing up and restoring the simulation file (#133)
Copyright (c) 2020 crowdsecurity