A quick deep dive into the new CrowdSec console

You may have read about our brand new console, which is currently in private beta and provides an easy-to-use web interface to inspect multiple CrowdSec agent signals spread across different networks.

Today let’s take a look at it to better understand what it can achieve.

To use it, you must first make sure you have the latest version of CrowdSec on your server. Start by uninstalling the old version with the following command: 

./wizard.sh --uninstall

Then reinstall the new version by adding the new repositories and installing the CrowdSec package, which is much more convenient.

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
sudo apt install crowdsec

Then, go to this site to create an account to access the console. Note that the console is currently in beta and the CrowdSec team validates (or not) each subscription manually.

You will then be given an ID, which lets you associate the web console with your server running CrowdSec. Run the following command on your server with the ID given by the console:

sudo cscli console enroll ID-given-by-CrowdSec

Your web console will start filling up with your server data. You can now, directly from your browser, review the details of what is in place on the server, such as agents, scenarios, bouncers, etc. You will also be redirected to the Hub, which allows you to install new ones.

Most importantly, the web console gives access to all the alerts detected on your server. You can export these alerts to CSV very easily or filter them by scenario, period, IP, etc. It is very visual and allows you to better understand how an attack was carried out.

You can also access statistics and highlight the “star attackers”, or countries that attack your server the most (or at least try).

Be aware that this “statistics” tab will become obsolete in a few days as we will release a visualizer, taking the console observability capabilities to the next level.

Maybe you were not using the console in the terminal very much, because it required a bit more work to filter the information. But now, with the new one, you can visualize all your data in a few clicks. This saves a lot of time and is much more pleasant. It allows you to better understand what’s going on and eventually change your scenarios or bouncers to make your servers even more secure.
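For comparison, the same filters and "star attacker" rankings can be reproduced offline from the agent's own alert data. This is an added example, not CrowdSec's code: it assumes alerts in the JSON shape printed by `cscli alerts list -o json` (fields `scenario`, `created_at`, `source.ip`, `source.cn`), and the sample alerts are constructed.

```python
import json
from collections import Counter
from datetime import datetime

# Constructed sample alerts; field names are assumed to match `cscli alerts list -o json`.
SAMPLE = """[
 {"scenario": "crowdsecurity/ssh-bf", "created_at": "2021-11-02T08:14:03Z", "source": {"ip": "192.0.2.10", "cn": "FR"}},
 {"scenario": "crowdsecurity/ssh-bf", "created_at": "2021-11-02T09:01:44Z", "source": {"ip": "192.0.2.10", "cn": "FR"}},
 {"scenario": "crowdsecurity/http-probing", "created_at": "2021-11-03T12:30:00Z", "source": {"ip": "198.51.100.7", "cn": "DE"}},
 {"scenario": "crowdsecurity/http-probing", "created_at": "2021-11-03T13:00:00Z", "source": {"ip": "198.51.100.7"}},
 {"scenario": "crowdsecurity/ssh-bf", "created_at": "2021-11-04T01:02:03Z", "source": {"ip": "203.0.113.5", "cn": "DE"}},
 {"scenario": "crowdsecurity/http-probing", "created_at": "2021-11-04T06:00:00Z", "source": {"ip": "192.0.2.10", "cn": "FR"}}
]"""

def parse_ts(value):
    # Compare at second precision; fractional seconds and zone are ignored (assumes UTC).
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")

def load_alerts(text):
    # Treat JSON null (no alerts) as an empty list.
    return json.loads(text) or []

def filter_alerts(alerts, scenario=None, ip=None, since=None):
    """Keep alerts matching every filter that is set (scenario, source IP, start of period)."""
    kept = []
    for alert in alerts:
        source = alert.get("source") or {}
        if scenario and alert.get("scenario") != scenario:
            continue
        if ip and source.get("ip") != ip:
            continue
        if since and parse_ts(alert["created_at"]) < parse_ts(since):
            continue
        kept.append(alert)
    return kept

def top(alerts, field, n=3):
    """Rank alerts by 'scenario' or by a source field such as 'ip' or 'cn' (country)."""
    counts = Counter()
    for alert in alerts:
        source = alert.get("source") or {}
        value = alert.get("scenario") if field == "scenario" else source.get(field)
        counts[value or "unknown"] += 1  # alerts without the field are still counted
    return counts.most_common(n)

if __name__ == "__main__":
    alerts = load_alerts(SAMPLE)
    print("top IPs:", top(alerts, "ip"))
    print("top countries:", top(alerts, "cn"))
```

To run it on real data, replace `SAMPLE` with the saved output of `cscli alerts list -o json` and check the field names against what your version prints.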

To give it a try, sign up here
