Crowdsec is an open source, lightweight software that allows you to detect malicious behavior and block access to your systems at various levels (infrastructure, system, application).
To achieve this, Crowdsec reads archives logging from different sources to analyze, normalize and enrich it before matching it to threat patterns or scripts.
One of the advantages of Crowdsec, compared to other solutions, is its completeness: Metadata from detected attacks (source IP, time and scripts triggered) are sent to a central API and then shared with all users.
In addition to detecting and stopping real-time attacks based on your logs, it allows you to prevent dangerous agents from accessing your information system.
Basic features
quick installation
Easy to install with great help to the user
Effective detection
Basic detection is effective and no adjustment is required
Easy exclusion
It is easy to add exclusions to crowdsec decisions
Easy access
It is easy to develop a Metabase interface to view them data you simply with cscli
Information about the installation but also about the use of the prelettertos, you will find here.