Crowdsec is an open source, lightweight software that allows you to detect malicious behavior and block access to your systems at various levels (infrastructure, system, application).
To achieve this, Crowdsec reads logs from different sources to analyze, streamline and enrich it before assigning them to threat patterns or scripts.
One of the advantages of Crowdsec, compared to other solutions, is its completeness: Metadata from detected attacks (IP source, time and scripts enabled) are sent to a central API and then communicated to all users.
In addition to detecting and stopping real-time attacks based on your logs, it allows you to prevent dangerous agents from accessing your information system.
Easy to install with great help to the user
Basic detection is effective and no adjustment is required
It is easy to add exclusions to crowdsec decisions
It is easy to deploy a Metabase interface to view your data simply with cscli
Information about the installation and the use of the program, you will find here.