长亭百川云 - 产品详情

长亭百川云

技术讨论长亭漏洞情报库IP 威胁情报SLA在线工具
热门产品
雷池 WAF 社区版
IP 威胁情报
网站安全监测
百川漏扫服务
云堡垒机
百川云
技术文档
开发工具
长亭漏洞情报库
网安百科
安全社区
CT STACK 安全社区
雷池社区版
XRAY 扫描工具
长亭科技
长亭科技官网
万众合作伙伴商城
长亭 BBS 论坛
友情链接
关注或联系我们
添加百川云公众号,移动管理云安全产品
咨询热线:
4000-327-707
百川公众号
百川公众号
百川云客服
百川云客服

Copyright ©2024 北京长亭科技有限公司
icon
京ICP备2024055124号-2
banner
产品logo

CrowdSec

386

0

CrowdSec是一个功能强大的行为检测引擎,CrowdSec当前处于开放源代码状态,能够通过参与式IPS来分析访客行为,并且能够为用户针对各种攻击提供适应性响应。除此之外,CrowdSec还可以利用群组功能生成一个全局CTI数据库,以保护用户网络。

产品logo
CrowdSec

CrowdSec是一个功能强大的行为检测引擎,CrowdSec当前处于开放源代码状态,能够通过参与式IPS来分析访客行为,并且能够为用户针对各种攻击提供适应性响应。除此之外,CrowdSec还可以利用群组功能生成一个全局CTI数据库,以保护用户网络。

产品关联图片
预览
产品关联图片
预览
产品关联图片
预览

CrowdSec




markdown-img markdown-img markdown-img markdown-img Go Reference markdown-img markdown-img markdown-img markdown-img markdown-img

:computer: Console (WebApp) :books: Documentation :diamond_shape_with_a_dot_inside: Configuration Hub :speech_balloon: Discourse (Forum) :speech_balloon: Discord (Live Chat)

:dancer: This is a community-driven project, we need your feedback.

<TL;DR>

CrowdSec is a free, modern & collaborative behavior detection engine, coupled with a global IP reputation network. It stacks on fail2ban's philosophy but is IPV6 compatible and 60x faster (Go vs Python), it uses Grok patterns to parse logs and YAML scenarios to identify behaviors. CrowdSec is engineered for modern Cloud / Containers / VM-based infrastructures (by decoupling detection and remediation). Once detected you can remedy threats with various bouncers (firewall block, nginx http 403, Captchas, etc.) while the aggressive IP can be sent to CrowdSec for curation before being shared among all users to further improve everyone's security. See FAQ or read below for more.

2 mins install

Installing it through the Package system of your OS is the easiest way to proceed.
Otherwise, you can install it from source.

From package (Debian)

1curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash
2sudo apt-get update
3sudo apt-get install crowdsec

From package (rhel/centos/amazon linux)

1curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash
2sudo yum install crowdsec

From package (FreeBSD)

sudo pkg update
sudo pkg install crowdsec

From source

1wget https://github.com/crowdsecurity/crowdsec/releases/latest/download/crowdsec-release.tgz
2tar xzvf crowdsec-release.tgz
3cd crowdsec-v* && sudo ./wizard.sh -i

:information_source: About the CrowdSec project

Crowdsec is an open-source, lightweight software, detecting peers with aggressive behaviors to prevent them from accessing your systems. Its user-friendly design and assistance offer a low technical barrier of entry and nevertheless a high security gain.

The architecture is as follows :

CrowdSec

Once an unwanted behavior is detected, deal with it through a bouncer. The aggressive IP, scenario triggered and timestamp are sent for curation, to avoid poisoning & false positives. (This can be disabled). If verified, this IP is then redistributed to all CrowdSec users running the same scenario.

Outnumbering hackers all together

By sharing the threat they faced, all users are protecting each-others (hence the name Crowd-Security). Crowdsec is designed for modern infrastructures, with its "Detect Here, Remedy There" approach, letting you analyze logs coming from several sources in one place and block threats at various levels (applicative, system, infrastructural) of your stack.

CrowdSec ships by default with scenarios (brute force, port scan, web scan, etc.) adapted for most contexts, but you can easily extend it by picking more of them from the HUB. It is also easy to adapt an existing one or create one yourself.

:point_right: What it is not

CrowdSec is not a SIEM, storing your logs (neither locally nor remotely). Your data are analyzed locally and forgotten.

Signals sent to the curation platform are limited to the very strict minimum: IP, Scenario, Timestamp. They are only used to allow the system to spot new rogue IPs, and rule out false positives or poisoning attempts.

:arrow_down: Install it !

Crowdsec is available for various platforms :

  • Use our debian repositories or the official debian packages
  • An image is available for docker
  • Prebuilt release packages are also available (suitable for amd64)
  • You can as well build it from source

Or look directly at installation documentation for other methods and platforms.

:tada: Key benefits

Fast assisted installation, no technical barrier

Initial configuration is automated, providing functional out-of-the-box setup markdown-img

Out of the box detection

Baseline detection is effective out-of-the-box, no fine-tuning required (click to expand) markdown-img

Easy bouncer deployment

It's trivial to add bouncers to enforce decisions of crowdsec (click to expand) markdown-img

Easy dashboard access

It's easy to deploy a metabase interface to view your data simply with cscli (click to expand) markdown-img

Hot & Cold logs

Process cold logs, for forensic, tests and chasing false positives & false negatives (click to expand) markdown-img

📦 About this repository

This repository contains the code for the two main components of crowdsec :

  • crowdsec : the daemon a-la-fail2ban that can read, parse, enrich and apply heuristics to logs. This is the component in charge of "detecting" the attacks
  • cscli : the cli tool mainly used to interact with crowdsec : ban/unban/view current bans, enable/disable parsers and scenarios.

Contributing

If you wish to contribute to the core of crowdsec, you are welcome to open a PR in this repository.

If you wish to add a new parser, scenario or collection, please open a PR in the hub repository.

If you wish to contribute to the documentation, please open a PR in the documentation repository.

产品logo
雷池 WAF 社区版

长亭科技

6.7k

8

一款足够简单、足够好用、足够强的免费 WAF。基于业界领先的语义引擎检测技术,作为反向代理接入,保护你的网站不受黑客攻击。

#免费#WAF#Bot防护#反爬虫#DDoS防护#开源
产品关联图片
预览
产品关联图片
预览
产品关联图片
预览
产品关联图片
预览
产品logo
IP 威胁情报

长亭科技

4.6k

3

长亭 IP 威胁情报是一个专业的 IP 威胁情报分析平台,为企业提供全面的 IP 信誉评估服务。

#SaaS# IP 情报#威胁情报#IP 组订阅#情报订阅
产品关联图片
预览
产品关联图片
预览
产品关联图片
预览
产品关联图片
预览
产品logo
BunkerWeb

3.2k

0

基于 Nginx 的开源 WAF,让 Web 服务自带安全能力

#开源#WAF
产品关联图片
预览
产品关联图片
预览
产品关联图片
预览
产品logo
xapp

长亭科技

3.2k

0

专注于web指纹识别的工具

#指纹识别#免费#开源#渗透测试#漏洞扫描
立即体验
开源流量分析行为监测威胁情报防火墙
相关资讯更多
产品关联图片
预览
产品关联图片
预览
产品关联图片
预览