×
CrowdSec is a proud participant in the Microsoft Copilot for Security Partner Private Preview
Read more
Close icon
CrowdSec Blog
Language
Español
English
Tutorial
September 16, 2021
3
 min. read

A quick deep dive into the new CrowdSec console

You may have read about our brand new console, which is currently in private beta and provides an easy-to-use web interface to inspect multiple CrowdSec agent signals spread across different networks.

Today let’s take a look at it to better understand what it can achieve.

To use it, you must first make sure you have the latest version of CrowdSec on your server. Start by uninstalling the old version with the following command: 

./wizard.sh --uninstall

Then reinstall the new version, adding the new repositories and installing the CrowdSec package. Much more convenient.

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

Then, go to this site to create an account to access the console. Note that the console is currently in beta and the CrowdSec team validates (or not) each subscription manually.

You will then be given an ID, allowing you to associate the web console with your server under CrowdSec. Run the following command on your server with the ID given by the console: 

sudo cscli console enroll ID-given-by-CrowdSec

Your web console will start filling up with your server data. You can now, directly from your browser, review the details of what is in place on the server such as agents, scenarios, bouncers...etc. You will also be redirected to the Hub which allows you to install new ones.

Most importantly, the web console gives access to all the alerts detected on your server. Alerts that you can export in CSV very easily or filter by scenario, period, IP...etc. It is very visual and allows you to better understand how an attack was carried out.

You can also access statistics and highlight the "star attackers", or countries that attack your server the most (or at least try).

Be aware that this “statistics”  tab will become obsolete in a few days as we will release a visualizer, taking the console observability capabilities to the next level.

Maybe you were not using the console in the terminal very much, because it required a bit more work to filter the information. But now, with the new one, you can visualize all your data in a few clicks. This saves a lot of time and is much more pleasant. It allows you to better understand what's going on and eventually change your scenarios or bouncers to make your servers even more secure.

To give it a try, sign up here

Written by
Jean Devaux
No items found.

You may also like

multi-server crowdsec security engine installation
Tutorial
March 28, 2024
15
 min. read

Setting up A Multi-Server CrowdSec Security Engine Installation

Read article
secure a multi-server crowdsec security engine installation with https
Tutorial
March 28, 2024
10
 min. read

Securing A Multi-Server CrowdSec Security Engine Installation With HTTPS

Read article
protect tcp udp ports from ddos attacks
Tutorial
February 1, 2024
15
 min. read

Protect TCP/UDP Ports Against DDoS Attacks with CrowdSec and Traefik Proxy

Read article