Anyone using CrowdSec?
-
Just read about it here and was wondering if anyone has tried it out yet?
From their GitHub repo --
A modern behavior detection system, written in Go. It stacks on Fail2ban's philosophy, but uses Grok patterns & YAML grammar to analyse logs, a modern decoupled approach (detect here, remedy there) for Cloud/Containers/VM based infrastructures. Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and blocked IPs are shared among all users to further improve their security.
-
Have not used it nor seen it. But was thinking just this morning about the need for something like this. I like the idea.
-
This looks like a good tool. If it is performant at high volume that will be a huge improvement over fail2ban. I am a little concerned about the global block process. But I assume they have that addressed someplace. I only read this page, nothing else yet.
-
@JaredBusch said in Anyone using CrowdSec?:
This looks like a good tool. If it is performant at high volume that will be a huge improvement over fail2ban. I am a little concerned about the global block process. But I assume they have that addressed someplace. I only read this page, nothing else yet.
Yeah, that's what gave me pause too.
But definitely seems like a cool idea.
What I want to know is who's footing the bill for the centralized collection of these IPs and redistribution.