Based on the CrowdSec data shared by the community, this first edition of the report provides an overview of the main cyber threats identified worldwide. It was issued by leveraging the strength of the CrowdSec global community. Every single day, all members report and exchange cyber threat data with each other, making CrowdSec one of […]
The latest addition to CrowdSec was OPNsense, a FreeBSD distribution designed for security. OPNsense is easy to set up and offers a firewall and routing software to secure a network. It can be compared to pfSense from which it is derived. It is therefore widely used by companies. This tutorial covers how to install the […]
To get to know Gérald better, we asked him five questions. Hey Gérald, can you tell our community about yourself? You can also call me Gandalf, edoukki, drEagle, Geronimo, Guignol…I took the name of “Gandalf from the Conjurers,” my own “hackers team” in my teenage years when I was already in the computer world […]
We’re honored to announce that CrowdSec, collaborative, free and open source security automation platform, has been named to G2’s Best Software Awards, placing #17, on the Security Products list. G2 is a software marketplace based on user reviews and feedback. It helps more than 60 million software buyers annually to discover, review and manage the […]
Introduction Each user who accesses your site is identifiable by an IP address. CrowdSec is an open source tool capable of determining whether this IP is potentially malicious or not. To do so, the CrowdSec agent that you will have installed on your server will analyze different data sources (log files, etc.). According to predefined remediation […]
Introduction In this tutorial, we are going to see how we can write a CrowdSec parser to process Asterisk logs and then how to write a CrowdSec scenario to detect common attacks (user enumeration, brute force …) on this service. Requirements In order to write the CrowdSec parser and scenario, we will need the following: […]
Qualys just published CVE-2021-4034 which is trivial to exploit and impacts a large variety of distributions and versions. In a nutshell, the vulnerability, also called PwnKit, allows for a local escalation of privilege (LPE), due to out-of-band writing, in Polkit’s Pkexec, an alternate solution to the “sudo” privilege management tool. Pkexec is installed by default […]
Today, we’re releasing version 1.3.0 of CrowdSec. What’s new in this release This release brings the support of Kinesis as a data source. While we were already supporting CloudWatch in the AWS universe, this data source suffers various limitations that don’t make it very fit when it comes to processing significant throughput of events (mostly […]
Introduction Hello again to the readers who have read the first part of the article about how to integrate CrowdSec to Kubernetes and detect attacks. For the others, welcome to part 2, which will cover the remediation part on Kubernetes and, more precisely, on Nginx Ingress Controller. First, you need to have a ready Kubernetes […]
It’s finally happening. We’re opening our own Discord server as a replacement for our Gitter. We’ll be keeping our Discourse. As it turns out those two – Discord and Discourse (or Disco2 as we call them internally) – supplement each other really well. Also, the new Discord fills an important role for us – or […]
At CrowdSec we want our users to protect themselves regardless of the tech stack they use. The simplest way to do that is to implement threat remediation at the network level, with a firewall bouncer. CrowdSec bouncers can also be set up at the upper levels of an applicative stack: web server, CDN, and in […]
As 2021 comes to an end and with an exciting 2022 ahead of us, let’s take a moment to think back on the (almost) past year. And what a year, what a year! Considering that CrowdSec was created in 2020, right in the middle of the Covid-19, 2021 was the first full year of the […]
We’re honored to announce that CrowdSec has been named Hight Performer product in G2 Winter reports for 2022. The selection was made based on customer Satisfaction and Market Presence. CrowdSec received the highest Satisfaction score among products in Intrusion Detection and Prevention Systems (IDPS) and Threat Intelligence Software. 100% of users rated it 4 or […]
With the Log4j (CVE-2021-44228) exploit storming over the internet, countless java-based services were discovered being not only critically vulnerable but also said to be ridiculously easy to exploit, pushing sysadmins into a rush to identify and correct the vulnerable systems. It is too early to assess the long-term impact of Log4j but the consensus is […]
If you work in Infosec, you had a very lousy weekend. And that’s because of the Log4j zero-day vulnerability (CVE-2021-44228) that was discovered. We had no choice but to roll up our sleeves to help our community before things got messier than they already were. As a result, we have released a scenario that will […]
We’ve released version 1.2.1 of CrowdSec This version contains a few bug fixes, improvements for people dealing with massive databases with many agents and bouncers. But mostly, it introduces a new feature to make the creation and troubleshooting of parsers and scenarios easier – cscli explain. Debugging a faulty parser or creating a new scenario […]
Cyber security is the land of TLA (Three Letter Acronyms…get it? we are very meta here…). The complete value chain has dozens of acronyms from SOC to SIEM through DDoS, CTI etc. For the uninitiated, all these words sound like invoking millenary monsters from a Lovecraft novel. We could spend hours explaining those terms, but […]
Introduction The microservice architecture is the most significant security challenge in a Kubernetes (K8s) cluster. Every application you deploy opens a new potential entry for attackers, increasing the attack surface. As deployed applications generate logs and CrowdSec can run in a container… You see where I am going with this. In this blog post, we […]
Do you want to inspect multiple CrowdSec agent signals spread across different networks and discover more about your attackers? We are happy to announce that, although still in beta, it is now available to all. Not only can you enroll all your instances, but also monitor the alerts sent to the CrowdSec community. This private-public […]
If you never heard of it, G2 is a software buyer marketplace based on user reviews and feedback. It helps millions of people every month to make software decisions. Each year, they issue ranking reports based on real-user data. Dear users, you have spoken on G2 these past few months, and your voice has been […]