Crowdsec is open source, lightweight software that lets you detect and block malicious behavior access in your systems at various levels (infrastructure, system, application).
To achieve this, Crowdsec reads archives logs from different sources to analyze, streamline, and enrich it before assigning them to threat patterns or scripts.
One of the advantages of Crowdsec, compared to other solutions, is its completeness: The metadata from the identified attacks (source IP, time and scripts triggered) are sent to a central API and then shared with all users.
In addition to detecting and stopping attacks in real time with base your logs, allows you to proactively block dangerous actors from accessing your information system.
Basic features
Fast installation
Easy to install with great help to the user
Effective detection
Basic detection is effective and no adjustment is required
Easy exclusion
It is easy to add exclusions to crowdsec decisions
Easy access
It is easy to deploy a Metabase interface to view your data simply with cscli
Information about the installation and the use of the program, you will find here.