
CrowdSec, an open-source, modernized & collaborative fail2ban for free

Dear esteemed community,
We would like to introduce a new security project, CrowdSec, and most importantly collect your feedback & comments. The solution is available on GitHub and will remain open-source (MIT license) and free of charge.
CrowdSec is a hybrid security engine leveraging 2 different capabilities to protect its users.
The first one is a local agent, running on Internet-facing services. It blocks any aggressive behavior, based on various scenarios.
The second mechanism uses our global IP reputation network (run and curated by us), based on the alerts sent by our user community. Every time the behavior engine blocks an IP, all participants are informed that this IP is dangerous and should be blocked.

We leverage the crowd power to make this IP reputation database as accurate as possible. As of today, community members come from 50+ countries across 5 different continents and have already blocked 100,000+ IPs.
We would love to hear your thoughts and engage in further discussions. Unfortunately we cannot add any link to this post but you can give us a shout on GitHub (crowdsecurity/crowdsec) or on our website via the chat.
Many thanks in advance for your valuable feedback!
The CrowdSec team
Comments
Does CrowdSec search/store historical information that can be queried to discover the historical activity of IP and domain activity? For example, can I find out the reputation of a given IP or domain in March 2018? SOC and Threat Intel analysts also need such information to perform further investigations and research.
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
Regarding the first one, when you receive reputation information about an IP, you will get the list of triggered scenarios, but there is no triage about criticality per se.
About the second one, such an API is not publicly available, but will be in the future.
Does that help?
The idea is not to ban blindly. Rather to do the minimum that is required. First, if we're talking about the web, we can send a captcha rather than drop the connection. For other protocols, we can send a 2FA or limit access to certain functions. The IP ban should only be the last alternative in IPv4. We can also react at the application, business or session level.