CrowdSec is a free & open-source security automation tool leveraging local IP behavior detection & a community-powered IP reputation system.
Collaborative firewall leveraging both behavior & reputation
1. CrowdSec analyzes logs (systems, cloud trails, app, pub/sub, etc.).
2. IP behavior is evaluated by scenarios, which you can write yourself or download.
3. The agent checks whether the IP is present in the IP reputation DB.
4. Your policy is automatically enforced: block, captcha, 2FA, etc.
5. Finally, the aggressive IP is shared with the community.
- Scenarios can be found in the Hub
- Writing your own behavior detection is super simple
- Grok patterns are used for log parsing
- YAML is used to describe behaviors