CrowdSec Hub

The CrowdSec Hub is a repository of ready-to-use configuration files. Resources are maintained by both the CrowdSec team and the community.

Hub Tour

The Hub is divided into sections to help you find the right configuration.

Figure: CrowdSec Hub

Collections Tab

Collections are sets of configurations that work together. For example, the crowdsecurity/sshd collection focuses on SSH attack patterns.

Figure: CrowdSec sshd collection

You can see the contents of a collection in the Content section.

Figure: CrowdSec sshd collection content

As shown above, the sshd collection includes a parser and scenarios focused on brute-force attacks.

Configurations Tab

The configurations tab holds individual files you can use with your CrowdSec setup. Each item includes tags to help you identify its purpose.

Figure: CrowdSec configurations

For example, apache_log4j2_cve-2021-44228 is an Attack scenario designed to detect Log4j2 CVE-2021-44228 exploitation.

Figure: CrowdSec apache_log4j2_cve-2021-44228

Another example is crowdsecurity/nginx-logs, a Log parser designed to parse Nginx logs.

Figure: CrowdSec nginx-logs

There are more configuration types than Attack scenario and Log parser, but these are the most common.

Bouncers Tab

The term Bouncers has been updated to Remediation Components in the Taxonomy.

Legacy items might still use the term bouncers. They mean the same thing.

This tab contains Remediation Components that enforce decisions made by the CrowdSec Security Engine.

Figure: CrowdSec bouncers

For example, crowdsecurity/iptables blocks IP addresses using iptables.

Note that the download figures come solely from GitHub metrics and do not include downloads from other sources.

AppSec Configurations Tab

Since version 1.6.0, CrowdSec includes the AppSec Component, which lets you run CrowdSec as a Web Application Firewall (WAF).

AppSec configurations configure the AppSec Component and provide sensible defaults for common web applications.

Figure: CrowdSec AppSec configurations

AppSec Rules Tab

AppSec Rules are used with the AppSec Component to detect and block web application attacks.

These rules are defined and loaded by AppSec Configurations.

Figure: CrowdSec AppSec rules

Next steps

Now that you have explored the Hub, return to the post-installation steps to continue setup.