• Stars
    star
    8,253
  • Rank 4,482 (Top 0.09 %)
  • Language
    Go
  • License
    MIT License
  • Created over 4 years ago
  • Updated 4 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.

CrowdSec




πŸ’» Console (WebApp) πŸ“š Documentation πŸ’  Configuration Hub πŸ’¬ Discourse (Forum) πŸ’¬ Discord (Live Chat)

πŸ’ƒ This is a community-driven project, we need your feedback.

<TL;DR>

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security. See FAQ or read below for more.

2 mins install

Installing it through the Package system of your OS is the easiest way to proceed. Otherwise, you can install it from source.

From package (Debian)

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
sudo apt-get update
sudo apt-get install crowdsec

From package (rhel/centos/amazon linux)

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
sudo yum install crowdsec

From package (FreeBSD)

sudo pkg update
sudo pkg install crowdsec

From source

wget https://github.com/crowdsecurity/crowdsec/releases/latest/download/crowdsec-release.tgz
tar xzvf crowdsec-release.tgz
cd crowdsec-v* && sudo ./wizard.sh -i

ℹ️ About the CrowdSec project

Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user-friendly design and assistance offer a low technical barrier of entry and nevertheless a high security gain.

The architecture is as follows :

CrowdSec

Once an unwanted behavior is detected, deal with it through a bouncer. The aggressive IP, scenario triggered and timestamp are sent for curation, to avoid poisoning & false positives. (This can be disabled). If verified, this IP is then redistributed to all CrowdSec users running the same scenario.

Outnumbering hackers all together

By sharing the threat they faced, all users are protecting each-others (hence the name Crowd-Security). Crowdsec is designed for modern infrastructures, with its "Detect Here, Remedy There" approach, letting you analyze logs coming from several sources in one place and block threats at various levels (applicative, system, infrastructural) of your stack.

CrowdSec ships by default with scenarios (brute force, port scan, web scan, etc.) adapted for most contexts, but you can easily extend it by picking more of them from the HUB. It is also easy to adapt an existing one or create one yourself.

πŸ‘‰ What it is not

CrowdSec is not a SIEM, storing your logs (neither locally nor remotely). Your data are analyzed locally and forgotten.

Signals sent to the curation platform are limited to the very strict minimum: IP, Scenario, Timestamp. They are only used to allow the system to spot new rogue IPs, and rule out false positives or poisoning attempts.

⬇️ Install it !

Crowdsec is available for various platforms :

Or look directly at installation documentation for other methods and platforms.

πŸŽ‰ Key benefits

Fast assisted installation, no technical barrier

Initial configuration is automated, providing functional out-of-the-box setup

Out of the box detection

Baseline detection is effective out-of-the-box, no fine-tuning required (click to expand)

Easy bouncer deployment

It's trivial to add bouncers to enforce decisions of crowdsec (click to expand)

Easy dashboard access

It's easy to deploy a metabase interface to view your data simply with cscli (click to expand)

Hot & Cold logs

Process cold logs, for forensic, tests and chasing false positives & false negatives (click to expand)

πŸ“¦ About this repository

This repository contains the code for the two main components of crowdsec :

  • crowdsec : the daemon a-la-fail2ban that can read, parse, enrich and apply heuristics to logs. This is the component in charge of "detecting" the attacks
  • cscli : the cli tool mainly used to interact with crowdsec : ban/unban/view current bans, enable/disable parsers and scenarios.

Contributing

If you wish to contribute to the core of crowdsec, you are welcome to open a PR in this repository.

If you wish to add a new parser, scenario or collection, please open a PR in the hub repository.

If you wish to contribute to the documentation, please open a PR in the documentation repository.

More Repositories

1

hub

Main repository for crowdsec scenarios/parsers
Python
147
star
2

example-docker-compose

Example integration of crowdsec in docker-compose
Dockerfile
101
star
3

cs-firewall-bouncer

Crowdsec bouncer written in golang for firewalls
Go
100
star
4

opnsense-plugin-crowdsec

OPNsense plugin for CrowdSec
Volt
69
star
5

grafana-dashboards

Grafana dashboards for Crowdsec monitoring using Prometheus
61
star
6

home-assistant-addons

Home Assistant Crowdsec Addons
Dockerfile
54
star
7

cs-nginx-bouncer

CrowdSec bouncer for Nginx
Shell
49
star
8

pfSense-pkg-crowdsec

PHP
49
star
9

cs-cloudflare-bouncer

A CrowdSec Bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.
Go
47
star
10

cs-wordpress-bouncer

CrowdSec is an open-source cyber security tool. This plugin blocks detected attackers or display them a captcha to check they are not bots.
PHP
34
star
11

helm-charts

CrowdSec community kubernetes helm charts
Shell
27
star
12

crowdsec-docs

CrowdSec Documentation: Comprehensive guides, tutorials, and references for installing, configuring, and using CrowdSec, an open-source cybersecurity platform. Contributions welcome!
MDX
22
star
13

cs-windows-firewall-bouncer

Crowdsec bouncer for the Windows Firewall
C#
20
star
14

cs-haproxy-bouncer

Crowdsec bouncer for HAProxy
Lua
20
star
15

cs-blocklist-mirror

Go
15
star
16

cs-cloud-firewall-bouncer

Crowdsec Cloud Firewall Bouncer
Go
15
star
17

spksrc-crowdsec

Makefile
14
star
18

php-cs-bouncer

The official PHP bouncers library for the CrowdSec LAPI
PHP
14
star
19

cs-custom-bouncer

CrowdSec bouncer to use custom scripts
Python
13
star
20

sec-lists

Repository to track keywords & patterns lists used by crowdsec parsers and scenarios
11
star
21

cs-standalone-php-bouncer

CrowdSec bouncer for PHP Website
PHP
11
star
22

cs-openresty-bouncer

CrowdSec bouncer for OpenResty
Shell
10
star
23

pycrowdsec

Python
10
star
24

lua-cs-bouncer

Lua
9
star
25

cs-express-bouncer

CrowdSec is an open-source cyber security tool. This Express middleware blocks detected attackers or display them a captcha to check they are not bots.
JavaScript
9
star
26

go-cs-bouncer

Go library to use crowdsec API.
Go
9
star
27

cs-aws-waf-bouncer

Crowdsec bouncer for AWS WAF
Go
7
star
28

cs-cloudflare-blocker

Block IPs/Ranges with cloudflare API
Go
7
star
29

cs-magento-bouncer

CrowdSec is an open-source cyber security tool. This module blocks detected attackers or display them a captcha to check they are not bots.
PHP
6
star
30

jupyter-ecs-spawner

ECS Spawner for JupyterHub
Python
5
star
31

cs-nginx-blocker

nginx blocker
Shell
4
star
32

php-capi-client

The official PHP client for the CrowdSec Central API (CAPI)
PHP
4
star
33

cs-netfilter-blocker

netfilter blocker
Go
4
star
34

cs-custom-blocker

CrowdSec blocker to call user scripts
Go
3
star
35

terraform-aws-crowdsec-serverless

HCL
3
star
36

misp-feed-generator

Python
3
star
37

cs-cloudflare-worker-bouncer

A CrowdSec Bouncer that syncs the decisions made by CrowdSec with CloudFlare's firewall using cloudflare workers. Manages multi user, multi account, multi zone setup. Supports IP, Country and AS scoped decisions.
Go
3
star
38

cs-lua-lib

Lua
2
star
39

ansible-collection-crowdsecurity.testing

Ansible collection for deployment and functional testing
2
star
40

php-remediation-engine

The official PHP remediation engine for CrowdSec
PHP
2
star
41

crowdsec_chrome_extension

Chrome extension which enables searching selected IP in CrowdSec's CTI
JavaScript
2
star
42

crowdsec-yaml-schemas

2
star
43

crowdsec-wasm-playground

JavaScript
2
star
44

php-lapi-client

The official PHP client for the CrowdSec Local API (LAPI)
PHP
2
star
45

python-capi-sdk

A Python SDK to do the heavy lifting of interacting with CAPI.
Python
2
star
46

pytest-cs

Pytest fixtures for crowdsec
Python
1
star
47

cs-nginx-njs-bouncer

CrowdSec NGINX remediation component (bouncer) using NJS
1
star
48

cs-wordpress-blocker

[DEPRECATED] Crowdsec Wordpress blocker
PHP
1
star
49

cs-thehive-cortex-analyzer

CrowdSec CTI enrichment integration into TheHive via Cortex Analyzer
HTML
1
star
50

magento-cs-extension

Magento extension allowing to share threat signal and benefit from the CrowdSec's community blocklist
PHP
1
star
51

fundraising-decks

Present the slides used for CrowdSec fundraising and explain the business model
1
star
52

packaging-debian

Python
1
star
53

crowdsec-service-api-sdk-python

Service API Python SDK
Python
1
star
54

go-cs-lib

Common library for crowdsec and go-based bouncers
Go
1
star