A quick deep dive into the new CrowdSec console

You may have read about our brand new console, which is currently in private beta and provides an easy-to-use web interface to inspect multiple CrowdSec agent signals spread across different networks.

Today let’s take a look at it to better understand what it can achieve.

To use it, you must first make sure you have the latest version of CrowdSec on your server. Start by uninstalling the old version with the following command: 

./wizard.sh --uninstall

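Then reinstall the new version from the package repository. The command below fetches the repository setup script and runs it as root, which sets up the CrowdSec package repository; after that, install the CrowdSec package with your package manager. This is much more convenient.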

curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.deb.sh | sudo bash

Then, go to this site to create an account to access the console. Note that the console is currently in beta and the CrowdSec team validates (or not) each subscription manually.

You will then be given an ID that lets you associate the web console with your server running CrowdSec. Run the following command on your server with the ID given by the console:

sudo cscli console enroll ID-given-by-CrowdSec

Your web console will start filling up with your server data. You can now, directly from your browser, review the details of what is in place on the server, such as agents, scenarios, bouncers, etc. You will also be redirected to the Hub, which allows you to install new ones.

Most importantly, the web console gives access to all the alerts detected on your server, which you can export to CSV very easily or filter by scenario, period, IP, etc. It is very visual and allows you to better understand how an attack was carried out.

You can also access statistics and highlight the “star attackers”, or countries that attack your server the most (or at least try).

Be aware that this “statistics” tab will become obsolete in a few days as we will release a visualizer, taking the console observability capabilities to the next level.

Maybe you were not using the console in the terminal very much, because it required a bit more work to filter the information. But now, with the new one, you can visualize all your data in a few clicks. This saves a lot of time and is much more pleasant. It allows you to better understand what’s going on and eventually change your scenarios or bouncers to make your servers even more secure.
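For comparison, this is roughly the filtering the terminal workflow requires: the scenario, period and IP filters and the top attacker and country rankings, computed by hand. It is an added example, not code from CrowdSec. It assumes alerts dumped as JSON with cscli alerts list -o json and assumes the fields scenario, created_at, source.ip and source.cn; the sample alerts are constructed.

```python
import json
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the assumed shape of `cscli alerts list -o json`;
# the source IPs are RFC 5737 documentation addresses.
SAMPLE = json.dumps([
    {"scenario": "crowdsecurity/ssh-bf", "created_at": "2021-10-01T08:15:00Z",
     "source": {"ip": "192.0.2.10", "cn": "FR"}},
    {"scenario": "crowdsecurity/ssh-bf", "created_at": "2021-10-01T09:00:00Z",
     "source": {"ip": "192.0.2.10", "cn": "FR"}},
    {"scenario": "crowdsecurity/http-probing", "created_at": "2021-10-02T10:30:00Z",
     "source": {"ip": "198.51.100.7", "cn": "US"}},
    {"scenario": "crowdsecurity/ssh-bf", "created_at": "2021-10-03T11:45:00.123456789Z",
     "source": {"ip": "203.0.113.5"}},  # no country resolved for this source
    {"scenario": "crowdsecurity/http-probing", "created_at": "2021-10-03T12:00:00Z",
     "source": {"ip": "192.0.2.10", "cn": "FR"}},
])

def parse_ts(value):
    """Parse an RFC 3339 UTC timestamp, dropping fractional seconds."""
    return datetime.fromisoformat(re.sub(r"\.\d+", "", value).replace("Z", "+00:00"))

def filter_alerts(alerts, scenario=None, ip=None, since=None, until=None):
    """Keep alerts matching every filter that is set; the period is [since, until)."""
    kept = []
    for alert in alerts:
        when = parse_ts(alert["created_at"])
        if scenario and alert.get("scenario") != scenario:
            continue
        if ip and (alert.get("source") or {}).get("ip") != ip:
            continue
        if since and when < parse_ts(since):
            continue
        if until and when >= parse_ts(until):
            continue
        kept.append(alert)
    return kept

def top(alerts, field, n=3):
    """Rank sources by 'ip' or 'cn' (country); ties are broken alphabetically."""
    counts = Counter((a.get("source") or {}).get(field) or "unknown" for a in alerts)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

if __name__ == "__main__":
    alerts = json.loads(SAMPLE)
    print("top IPs:", top(alerts, "ip"))
    print("top countries:", top(alerts, "cn"))
    print("ssh-bf since Oct 2:", len(filter_alerts(
        alerts, scenario="crowdsecurity/ssh-bf", since="2021-10-02T00:00:00Z")))
```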

To give it a try, sign up here
