Skip to main content
Version: Next

Security Engine Overview

The CrowdSec Security Engine is an open-source, lightweight software that detects and blocks malicious actors from accessing your systems at various levels, using log and HTTP Requests analysis with threat patterns called scenarios.

CrowdSec is a modular security tool offering behavior-based detection, including AppSec rules, and optional components to block threats called Remediation Components

   

The crowd-sourced aspect allows the sharing of attacks they detected and blocked. Participants of this crowd-sourced threat intel receive, automatically via the security engine, a curated list of validated attackers (community blocklist) enhancing their real-time protection capabilities by taking preemptive actions against known threats.

Main Features

In addition to the core "detect and react" mechanism, CrowdSec is committed to several other key aspects:

  • Easy Installation: Effortless out-of-the-box installation on all supported platforms.
  • Simplified Daily Operations: You have access to our Web UI administration via CrowdSec's console or the powerful Command line tool cscli for effortless maintenance and keeping your detection mechanisms up-to-date.
  • Reproducibility: The Security Engine can analyze not only live logs but also cold logs, making it easier to detect potential false triggers, conduct forensic analysis, or generate reports.
  • Versatile: The Security Engine can analyze system logs and HTTP Requests to exhaustively protect your perimeter.
  • Observability: Providing valuable insights into the system's activity:
    • Users can view/manage alerts from the (Console).
    • Operations personnel have access to detailed Prometheus metrics (Prometheus).
    • Administrators can utilize a user-friendly command-line interface tool (cscli).
  • API-Centric: All components communicate via an HTTP API, facilitating multi-machine setups.

Architecture

Under the hood, the Security Engine has various components:

Deployment options

This architecture allows for both simple/standalone setups, or more distributed ones including as illustrated below:

Distributed architecture example:


More ways to learn

More ways to learn

Watch a short series of videos on how to install CrowdSec and protect your infrastructure

Learn with CrowdSec Academy