How does CrowdSec work?

CrowdSec is a modern threat blocking solution that replaces old players like Fail2Ban. The main premise behind CrowdSec is simple. Admins place the CrowdSec Agent at strategic points throughout their network. These agents detect and log threats by IP or activity, and they query a public API that CrowdSec provides for free. The beauty of the system is that each agent also feeds back into the public database any threats it sees that are not already there. Once an agent has identified threats, it makes this data available through an API. This API can be queried by small applications called bouncers. Bouncers have a simple mission: protect a specific application or resource. There can be multiple bouncers on one machine, but they all report back to the main API for the latest threat data.
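The bouncer side of this flow, as an added example that is not from the original post or from CrowdSec's own code: a bouncer asks the agent's API whether a client IP has a decision against it and acts on the answer. The lookup shape (`GET /v1/decisions?ip=...` with an `X-Api-Key` header, `null` meaning no decision) follows CrowdSec's Local API and is not described on this page; the stub server, key, IP addresses and decision record are constructed so the example runs offline.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlencode

API_KEY = "constructed-bouncer-key"  # placeholder, not a real credential
# Constructed decision standing in for a threat the agent has identified.
DECISIONS = {"203.0.113.7": [{"type": "ban", "scope": "Ip", "value": "203.0.113.7",
                              "scenario": "crowdsecurity/ssh-bf", "duration": "4h"}]}
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # local API: no proxy

class StubAgentApi(BaseHTTPRequestHandler):
    """Offline stand-in for the agent's API; answers decision lookups only."""
    def do_GET(self):
        if self.headers.get("X-Api-Key") != API_KEY:
            return self.send_error(403)  # unknown bouncer
        ip = parse_qs(self.path.partition("?")[2]).get("ip", [""])[0]
        body = json.dumps(DECISIONS.get(ip)).encode()  # "null" when no decision
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_stub():
    server = HTTPServer(("127.0.0.1", 0), StubAgentApi)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def bouncer_verdict(base_url, api_key, ip, fail_open=True):
    """Return the decision type for one client IP ('ban', ...) or 'allow'."""
    url = f"{base_url}/v1/decisions?{urlencode({'ip': ip})}"
    req = urllib.request.Request(url, headers={"X-Api-Key": api_key})
    try:
        with _opener.open(req, timeout=2) as resp:
            decisions = json.load(resp) or []  # the API answers null for "none"
    except OSError:
        # API down or key rejected: failing open or closed is a deployment choice.
        return "allow" if fail_open else "ban"
    return decisions[0]["type"] if decisions else "allow"

if __name__ == "__main__":
    srv = start_stub()
    base = f"http://127.0.0.1:{srv.server_address[1]}"
    for client in ("203.0.113.7", "198.51.100.20"):  # constructed client IPs
        print(client, "->", bouncer_verdict(base, API_KEY, client))
```

The `fail_open` flag matters in practice: a bouncer that cannot reach the API either lets traffic through or blocks it, and that choice should be made deliberately for each protected resource.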

Want to check out more about CrowdSec? These links will get you started:

  1. CrowdSec.net
  2. CrowdSec Docs
Gavin
CompTIA Security+ Certified IT Professional