CrowdSec introduces a new version to simplify parser creation and troubleshooting

We’ve released version 1.2.1 of CrowdSec

This version contains a few bug fixes and improvements for people dealing with massive databases with many agents and bouncers. But mostly, it introduces a new feature to make the creation and troubleshooting of parsers and scenarios easier: cscli explain.

Debugging a faulty parser or creating a new scenario can be tricky when you don’t know what data ends up in which field, or which parser of a chain misbehaves.

Until now, the easiest way was to turn the given parser(s) into debug mode and run CrowdSec with the faulty log lines, which is tedious and time-consuming.

That’s what cscli explain helps to solve: it shows the user which parsers picked up the line and whether each one succeeded in parsing it, along with the changes each parser made to it.

Concretely, cscli explain works like this:

[Figure: cscli explain in action]

Here we can see the lines being picked up by the non-syslog parser, then by the nginx parser, as well as by various enrichers (such as GeoIP), before finally landing in various scenarios: http-crawl-non_statics and http-probing.

This is something we have meant to do for a while, and we hope the form it takes in this release will help solve the issue.

cscli explain is intended to help not only with troubleshooting but also with creating and customizing parsers and scenarios. To that end, it also lets you see the detailed changes made at each step:

[Figure: cscli explain showing the detailed changes made at each step of parser/scenario creation]

And that’s mostly it for this release. Stay tuned for more!

Feel free to contact us using our community channels (Gitter and Discourse) and share your feedback or suggestions. Read more about CrowdSec releases and features on our blog.
