CrowdSec
CrowdSec is a three-part system: detection, coordination and mitigation.
Detection
The detection agent runs wherever you have log files worth looking at. It compares entries to known patterns of intrusion attempts and reports any events to the local hub. You can also create your own patterns for custom services.
Coordination
This local hub coordinates these security events into a list that all participants can see. It submits these and pulls other known offenders from CrowdSec central. This keeps the local block list in sync with the greater community, putting the ‘Crowd’ in CrowdSec.
Mitigation
The mitigation agent is the final part of the solution. It runs on firewalls or servers and blocks any IPs associated with an event.
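The three stages above can be modelled in a few lines. This is an added illustration, not CrowdSec's own code or configuration format: the log lines, the threshold of three, the community list and all function names are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in sshd auth-log style (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40001 ssh2
Jan 10 10:00:03 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40002 ssh2
Jan 10 10:00:05 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40003 ssh2
Jan 10 10:00:09 web1 sshd[812]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2
Jan 10 10:00:12 web1 sshd[813]: Failed password for deploy from 198.51.100.20 port 51001 ssh2
"""

# Anchored on the end of the line and using a greedy user-name match, so the
# captured address is always the one sshd wrote, never text inside the user name.
FAILED_LOGIN = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$",
    re.MULTILINE,
)

def detect(log_text, threshold=3):
    """Detection: source IPs with at least `threshold` matching entries."""
    hits = Counter(m.group(1) for m in FAILED_LOGIN.finditer(log_text))
    return {ip for ip, count in hits.items() if count >= threshold}

def coordinate(local_events, community_list):
    """Coordination: return (IPs to submit upstream, merged local block list)."""
    to_share = local_events - community_list
    return to_share, local_events | community_list

def mitigate(block_list, source_ip):
    """Mitigation: decision for a connection coming from source_ip."""
    return "block" if source_ip in block_list else "allow"

def run_pipeline():
    # Constructed stand-in for offenders pulled from the central service.
    community = {"192.0.2.55"}
    events = detect(SAMPLE_LOG)
    return coordinate(events, community)

if __name__ == "__main__":
    shared, block_list = run_pipeline()
    for ip in ("203.0.113.7", "192.0.2.55", "198.51.100.20"):
        print(ip, mitigate(block_list, ip))
```

The address with a single failed login stays allowed: counting against a threshold keeps one mistyped password from producing a block.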