The NGINX Bouncer v1.0 is out!
Product Updates

This new major version brings new features: Introduction Before we get started, here is a quick reminder of what a bouncer is in the CrowdSec ecosystem: pieces of standalone software in charge of acting upon blocked IPs. They can either be within the applicative stack or work out of band. While the CrowdSec agents […]

Interview with Philippe Humeau for Cybernews
Announcement

Cyberattack attempts against companies and individuals happen almost every day, but this is not something that businesses talk about with a wider audience. If data about the attackers were shared among businesses, everyone would have a chance to better prepare for and fight against cyberattacks. Philippe Humeau, the CEO of CrowdSec, explained to Cybernews how […]

The global cyber threat landscape by the CrowdSec Community
Announcement

Based on the CrowdSec data shared by the community, this first edition of the report provides an overview of the main cyber threats identified worldwide. It was issued by leveraging the strength of the CrowdSec global community. Every single day, all members report and exchange cyber threat data with each other, making CrowdSec one of […]

CrowdSec arrives on OPNsense
Product Updates

The latest addition to CrowdSec was OPNsense, a FreeBSD distribution designed for security. OPNsense is easy to set up and offers a firewall and routing software to secure a network. It can be compared to pfSense from which it is derived. It is therefore widely used by companies. This tutorial covers how to install the […]

Meet Gérald, new CrowdSec ambassador
Inside CrowdSec

To get to know Gérald better, we asked him five questions.   Hey Gérald, can you tell our community about yourself? You can also call me Gandalf, edoukki, drEagle, Geronimo, Guignol…I took the name of “Gandalf from the Conjurers,” my own “hackers team” in my teenage years when I was already in the computer world […]

CrowdSec won G2’s 2022 Best Software Awards for Security Products
Announcement

We’re honored to announce that CrowdSec, a collaborative, free and open source security automation platform, has been named to G2’s Best Software Awards, placing #17 on the Security Products list. G2 is a software marketplace based on user reviews and feedback. It helps more than 60 million software buyers annually to discover, review and manage the […]

Protect your Magento 2 site with the new CrowdSec extension
Tutorial

Introduction Each user who accesses your site is identifiable by an IP address. CrowdSec is an open source tool capable of determining whether this IP is potentially malicious or not. To do so, the CrowdSec agent that you will have installed on your server will analyze different data sources (log files, etc.). According to predefined remediation […]

How to write CrowdSec parsers & scenarios – the Asterisk VoIP use case
Tutorial

Introduction In this tutorial, we are going to see how we can write a CrowdSec parser to process Asterisk logs and then how to write a CrowdSec scenario to detect common attacks (user enumeration, brute force …) on this service. Requirements In order to write the CrowdSec parser and scenario, we will need the following: […]

PwnKit: detect privilege escalation with CrowdSec
Tutorial

Qualys just published CVE-2021-4034, which is trivial to exploit and impacts a large variety of distributions and versions. In a nutshell, the vulnerability, also called PwnKit, allows for a local escalation of privilege (LPE), due to an out-of-bounds write, in Polkit’s Pkexec, an alternate solution to the “sudo” privilege management tool. Pkexec is installed by default […]

Version 1.3.0 of CrowdSec is out!
Product Updates

Today, we’re releasing version 1.3.0 of CrowdSec. What’s new in this release This release brings the support of Kinesis as a data source. While we were already supporting CloudWatch in the AWS universe, this data source suffers various limitations that don’t make it very fit when it comes to processing significant throughput of events (mostly […]

Kubernetes CrowdSec Integration – Part 2: Remediation
Tutorial

Introduction Hello again to the readers who have read the first part of the article about how to integrate CrowdSec to Kubernetes and detect attacks. For the others, welcome to part 2, which will cover the remediation part on Kubernetes and, more precisely, on Nginx Ingress Controller. First, you need to have a ready Kubernetes […]

CrowdSec on Discord!
Announcement

It’s finally happening. We’re opening our own Discord server as a replacement for our Gitter. We’ll be keeping our Discourse. As it turns out those two – Discord and Discourse (or Disco2 as we call them internally) – supplement each other really well. Also, the new Discord fills an important role for us – or […]

Protect your Flask applications using CrowdSec
Tutorial

At CrowdSec we want our users to protect themselves regardless of the tech stack they use. The simplest way to do that is to implement threat remediation at the network level, with a firewall bouncer. CrowdSec bouncers can also be set up at the upper levels of an applicative stack:  web server, CDN, and in […]

The end of the year is only the beginning of the adventure for CrowdSec!
Inside CrowdSec

As 2021 comes to an end and with an exciting 2022 ahead of us, let’s take a moment to think back on the (almost) past year. And what a year, what a year!  Considering that CrowdSec was created in 2020, right in the middle of the Covid-19, 2021 was the first full year of the […]

CrowdSec named a “High Performer” in the G2 Winter 2022 reports
Announcement

We’re honored to announce that CrowdSec has been named a High Performer product in G2 Winter reports for 2022. The selection was made based on customer Satisfaction and Market Presence. CrowdSec received the highest Satisfaction score among products in Intrusion Detection and Prevention Systems (IDPS) and Threat Intelligence Software. 100% of users rated it 4 or […]

How CrowdSec coped with the Log4j storm?
Tutorial

With the Log4j (CVE-2021-44228) exploit storming over the internet, countless Java-based services were discovered to be not only critically vulnerable but also said to be ridiculously easy to exploit, pushing sysadmins into a rush to identify and correct the vulnerable systems. It is too early to assess the long-term impact of Log4j but the consensus is […]

Detect and block Log4j exploitation attempts with CrowdSec
Tutorial

If you work in Infosec, you had a very lousy weekend. And that’s because of the Log4j zero-day vulnerability (CVE-2021-44228) that was discovered. We had no choice but to roll up our sleeves to help our community before things got messier than they already were.  As a result, we have released a scenario that will […]

CrowdSec introduces a new version to simplify parsers creation and troubleshooting
Product Updates

We’ve released version 1.2.1 of CrowdSec. This version contains a few bug fixes and improvements for people dealing with massive databases with many agents and bouncers. But mostly, it introduces a new feature to make the creation and troubleshooting of parsers and scenarios easier – cscli explain. Debugging a faulty parser or creating a new scenario […]

How to Navigate in Cybersecurity Acronyms
Guest Post

Cyber security is the land of TLA (Three Letter Acronyms…get it? we are very meta here…). The complete value chain has dozens of acronyms from SOC to SIEM through DDoS, CTI etc. For the uninitiated, all these words sound like invoking millenary monsters from a Lovecraft novel. We could spend hours explaining those terms, but […]

Kubernetes CrowdSec Integration – Part 1: Detection
Tutorial

Introduction The microservice architecture is the most significant security challenge in a Kubernetes (K8s) cluster. Every application you deploy opens a new potential entry for attackers, increasing the attack surface. As deployed applications generate logs and CrowdSec can run in a container… You see where I am going with this. In this blog post, we […]

Protect your WordPress sites with CrowdSec
Announcement

You can secure your WordPress sites with CrowdSec using our latest application remediation component, available on the WordPress marketplace. Read more to see how to install it.