As the CrowdSec project continues to grow and mature, we have thought long and hard about how we can better describe the various components of the CrowdSec ecosystem to be more in line with what SecOps and cybersecurity professionals are used to seeing day-to-day. As such, we have made a few changes to our naming taxonomy. This is a result of our team and community’s hard work to advance the growth and transformation of the CrowdSec project.
Over the next couple of weeks, you will see a complete renaming of various CrowdSec components across our website, documentation, user-focused materials, and the CrowdSec Console. I wanted to list these naming changes in this post to spare our users from any confusion as they come across the new names.
CrowdSec Security Engine
Previously, when enrolling your CrowdSec deployment into the CrowdSec Console, you will have seen us describe your deployment as your CrowdSec Instance. While the term instance is widely used in the world of tech and cybersecurity, we did not feel that it represented our core mission of making the internet a safer place.
After much internal discussion, we are pleased to introduce you to what is now known as the CrowdSec Security Engine. This term covers the name for our FOSS product that can be installed on Linux, Windows, and OPNsense, to name a few, to identify malicious activity on your networks. Nothing has changed aside from the name, and we now refer to your CrowdSec deployment or installation as your own Security Engine.
Log Processors
If you have been using CrowdSec for a while, you will know that CrowdSec Agents are the core component of our Security Engine responsible for acquiring and parsing system logs to detect malicious activity on your networks. To help CrowdSec users better understand how your Security Engine acquires and parses your logs, we will be renaming CrowdSec Agents to Log Processors.
Remediation Components
When starting the CrowdSec project, we initially chose the term Bouncer to represent the components responsible for stopping or diverting malicious activity. While this term has sparked a lot of fun conversations within the community, we felt the need to encompass a name more in line with the wider cybersecurity vocabulary. While the name Bouncer is not going away, in some user-facing content you may see us group multiple CrowdSec Bouncers under the term Remediation Components.
Introducing Distributed Setup for CrowdSec Security Engines
Distributed Setup will show only depending on the number of Log Processors (former Agents) linked to your Security Engines (former Instances).
Most of our users have only one Log Processor per Security Engine. Did you know you can attach more than one Log Processor to your Security Engine? Indeed you can! So, to simplify the display on the Console, we hide the concept of Distributed Setup when the user has only Security Engines with one log processor attached to it. The console will show you the Security Engine as a Distributed Setup only if you have at least two Log Processors attached to it to avoid confusion between Log Processors and Security Engines.
These naming changes will not have any impact on the configuration of your deployment and you will not see any technical interruptions.
As always, if you have any questions or concerns please join our Discord server here and chat directly with members of the CrowdSec team.