A quick deep dive into the new CrowdSec console
You may have read about our brand new console, which is currently in private beta and provides an easy-to-use web interface to inspect multiple CrowdSec agent signals spread across different networks.
Today let’s take a look at it to better understand what it can achieve.
To use it, you must first make sure you have the latest version of CrowdSec on your server. Start by uninstalling the old version with the following command:
Then reinstall the new version, adding the new repositories and installing the CrowdSec package. Much more convenient.
curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
Then, go to this site to create an account to access the console. Note that the console is currently in beta and the CrowdSec team validates (or not) each subscription manually.
You will then be given an ID, allowing you to associate the web console with your server under CrowdSec. Run the following command on your server with the ID given by the console:
sudo cscli console enroll ID-given-by-CrowdSec
Your web console will start filling up with your server data. You can now, directly from your browser, review the details of what is in place on the server such as agents, scenarios, bouncers…etc. You will also be redirected to the Hub which allows you to install new ones.
Most importantly, the web console gives access to all the alerts detected on your server. Alerts that you can export in CSV very easily or filter by scenario, period, IP…etc. It is very visual and allows you to better understand how an attack was carried out.
You can also access statistics and highlight the “star attackers”, or countries that attack your server the most (or at least try).
Be aware that this “statistics” tab will become obsolete in a few days as we will release a visualizer, taking the console observability capabilities to the next level.
Maybe you were not using the console in the terminal very much, because it required a bit more work to filter the information. But now, with the new one, you can visualize all your data in a few clicks. This saves a lot of time and is much more pleasant. It allows you to better understand what’s going on and eventually change your scenarios or bouncers to make your servers even more secure.