Security engine for crowd-sourced IP detection, active remediation, and shared blocklists
- Stars13.9k
- Forks655
- Open Issues284
MIT
- Go
- Shell
- Python
About CrowdSec
CrowdSec is a security engine that detects and blocks malicious IPs. It parses logs and HTTP requests to spot bad behavior, then hands the verdict to remediation components that stop attacks across the application, system, and infrastructure layers.
The Security Engine combines IDS/IPS and WAF functions in one process. It ships with scenarios such as brute force, port scan, and web scan, and you can pull more scenarios from the hub. The Community Blocklist contributes a curated set of malicious IPs the engine can proactively block.
It runs on Linux, Windows, Docker, OpnSense, and Kubernetes. The Console adds visualization, fleet management, and extra blocklists, while detection rules stay open under an MIT license so you can audit and adapt them.
Key features
- Analyzes logs and HTTP requests for bad behavior
- IDS/IPS and WAF in one Security Engine
- Remediation components for active blocking
- Community Blocklist of malicious IP addresses
- Built-in scenarios for brute force, port scan, and web scan
Details
- First released
- 2020
- Platforms
- Windows · Linux · Docker
- Deployment
- self-hostable · docker
- License
- MIT for detection rules
- Security
- IDS/IPS · WAF
- Console
- Visualization and management