Achieve security excellence without breaking the budget!

Download guide

Announcing CrowdSec 1.4: what’s new?

In our infinite wisdom, we have established that after version 1.3 released earlier this year, it was now time for version 1.4.

🍲 What have we been cooking?

Windows Support

Yes, my fluffy friends: after a few months of Alpha and Beta testing, Windows support is now officially out! It supports essential services (RDP, SMB, Windows firewall, Exchange, SYSMON, IIS), and a firewall bouncer is also available. You can now protect your Windows infrastructures and join the crowd! 

Windows Support by CrowdSec v1.4

Easier and more resilient configuration management

This one was overdue, but better later than never: it is now possible to have alternate .local configuration files that will take precedence over existing configurations and be left untouched by the package manager. You can now overload one or more configuration values and ensure those remain above package upgrades: the package manager is unaware of those files, but CrowdSec will consider them as overriding existent parameters. Configurations supporting this mechanism are config.yaml, local_api_credentials.yaml, simulation.yaml and profiles.yaml.

Client authentication via certificates

Mostly relevant for people that do automated infrastructure provisioning and infrastructure as code, it is now possible to configure agents and bouncers to use certificates to authenticate to the local API. Getting rid of provisioning of API keys for bouncers and Login/Passwords for agents will make CrowdSec’s management within that kind of infrastructure a lot easier. 

While on the “machine management” topic, this release brings both a heartbeat feature in the Local API and a “garbage collector” feature, which automatically cleans up inactive agents and bouncers after a while.

Dynamic decision time

After our users heavily insisted on this new feature, we finally incorporated the ability to provide “dynamic” decision duration based on the number of offenses. With duration_expr, you can now ban people for an exponential time and cast them to the drop table for nearly forever.

Overall performance improvement

While performing benchmarks for some users with significant throughput (30k+ EP/s on a single website), we discovered several optimizations that will lead to a decupled performance increase in some resource-intensive setups. We will publish an article very soon covering this topic, no vain teasing!

Better Management of IPV6

This release improves the support for IPV6 and notably brings the ability to ban an IPv6 range automatically when an IP triggers a scenario. 

And a ton of other improvements

And there are many other less notable things, but feel free to take a look at the release notes on our GitHub.

As always, your feedback is what drives us forward, so feel free to share it with us. Our Discord is the best place to do so.

You may also like

am i under attack
Product Updates

Am I Under Attack: Cut Through the Noise to Detect Sophisticated and Targeted Attacks with CrowdSec’s New feature

Am I Under Attack leverages advanced AI algorithms to detect anomalies in your logs indicating more sophisticated or targeted attacks.

new and advanced ip lookup search
Product Updates

Introducing the New and Advanced IP Lookup Search

In a previous article, we introduced the CTI Report, this time, we are taking it a step further and introducing new and advanced search options for our IP lookup.  You now have access to multiple search options to accurately and effectively explore the CrowdSec CTI.   Let’s take a look. IP lookup search These new search […]

Discover CrowdSec’s Free Third-Party Blocklists
Product Updates

Discover CrowdSec’s Free Third-Party Blocklists

In case you missed it, we recently announced the new Blocklists Catalog in the CrowdSec Console. In the catalog, you can find several blocklists centralized in one place, including third-party blocklists that are free to all users.  All users on the CrowdSec Console can subscribe their Security Engines to third-party blocklists to secure their systems […]