CrowdSec is a security automation engine, using both local IP behavior detection & our community-driven IP reputation database.
CrowdSec analyzes logs (systems, cloud trails, app, pub/sub, etc.)
IP behavior is evaluated by scenarios (you can write or download)
The agent also checks if this IP is known in our community DB
It then enforces your policy: block, throttle, captcha, 2FA, MFA, etc.
Finally, the aggressive IP is shared with the community
- CrowdSec heuristics protect plenty of endpoints
- which enrich its IP reputation database
- that, in return, all members can use
- to preemptively block malevolent actors