Their FAQ
crowdsec.net/faq/
Log4J threat tracker
crowdsec.net/log4j-tracker/
Their Blog
crowdsec.net/blog/
⏱ Timestamps ⏱
00:00 What is CrowdSec?
01:02 CrowdSec Open Source
02:25 How CrowdSec Works
06:25 Crowdsec Demo Data and Dashboard
Damn I've been thinking about building something like this for years. Tempted to build a bouncer for my community. 🤔
@MageDef Go for it! There is a whole section for developers on the official CrowdSec Discord
As CrowdSec Moderator and CrowdSec Ambassador, thanks for covering. The Discord is ever growing. People are really creative when creating scenarios. I can't wait to see where CrowdSec is in the future.
thank you, but can you please inform the self hosters about when it makes sense to run your solution... ssh and wireguard, when configured properly, already make it difficult enough.
If you're self-hosting apps publicly like Bitwarden or even have authelia to protect those apps you can plug crowdsec into those access logs and use that to ban IPs from accessing your stuff. If you host your own website this would also be perfect as you can apply scenarios specifically for the type of website so it will look out for those attacks.
Any possibility for a pfSense plugin? 😅
@yngvefiskum5310 In spite of what Tom's hinting in the video there are no current plans to do a plugin for pfSense. That being said we have noticed a certain demand from Tom's community and are taking that into consideration as we are assessing the situation :-)
Wow that's a great way for the Alphabet Soup to have a more efficient way of spying on us. I know they have the capability but it still requires a lot of resources, with this kind of project we are basically working for the Alphabet Soup to spy on ourselves for free, genius.
As a communications company nearing over 50+ managed networks, I have partnered with Netgate and have been starting to migrate. Hearing this has made me believe I made the right choice, if they integrate with CrowdSec it looks like I will be getting on board also. Thanks for this Tom!
Unfortunately we don't support pfSense and there are currently no plans to support it. However, there are ways to use dynamic blocklists extracted from the CrowdSec agent with pfSense. My posts are deleted if they contain links so I can't link to the blogpost that talks about it so instead look for the comment from Tom on another post where it is.
As always great video. I am particularly looking forward to seeing your video on pfsense integration. When I first heard about crowdsec, my first thought was pfsense integration.
There is no pfsense integration planned. Opnsense integration however is in beta state.
Unfortunately we don't support pfSense and there are currently no plans to support it. However, there are ways to use dynamic blocklists extracted from the CrowdSec agent with pfSense. My posts are deleted if they contain links so I can't link to the blogpost that talks about it so instead look for the comment from Tom on another post where it is.
@Asdasdas1337 I love the idea of crowdsec and the ideal for me is to have it integrated into any firewall that I use. I have clients who would benefit tremendously from having the strength of crowdsec integrated into their firewall.
I would love to learn more about them. Thanks for the video Tom.
Thanks for the kind words!
Great. I'd advise you to join our Discord. We have weekly workshops for new users there. Find an invite link on our website.
Just installed it on my OPNSense firewall. Very easy to set up.
Started running pfsense 2 weeks ago because of this channel, been liking it so far from my EdgeRouter-X. Excited for that pfsense-crowdsec integration video soon, it will give me even more to do soon
Can't wait to watch your other videos on CrowdSec! Also interested in CrowdSec on pfSense!
Yeah I really hope they cover pfSense integration!! Would be awesome to have this functionality right in your router and choose which scenarios cover certain tagged traffic
Unfortunately we don't support pfSense and there are currently no plans to support it. However, there are ways to use dynamic blocklists extracted from the CrowdSec agent with pfSense. My posts are deleted if they contain links so I can't link to the blogpost that talks about it so instead look for the comment from Tom on another post where it is.
@crowdsec Thanks!
I've added support recently for nginx mail auth module... let's hope they will merge it soon!
Can't wait to see the integration with pfSense.
Does someone have a recommendation for managing Linux audit for multiple machines?
YOOOO LOVE THE NEW setup dude! Also , is your real name Lawrence?
I see analysing access ip addresses from logs, but how to know which ones are malicious and threats?
In the console, only threats are reported, and on the CTI part, you can query any IP, even if it didn't aggress you particularly. As for the CSCLI tool, it also only shows alerts.
Love the idea and spirit of collecting data to provide better insight on the attack vectors globally. Be cool to see this added in pfSense to provide such data.
Yeah I’m really looking forward to the pfSense integration
@hawks5196 Unfortunately we don't support pfSense and there are currently no plans to support it. However, there are ways to use dynamic blocklists extracted from the CrowdSec agent with pfSense. My posts are deleted if they contain links so I can't link to the blogpost that talks about it so instead look for the comment from Tom on another post where it is.
Thanks for the kind words @noah!
When will this make it to PFSense?
Yup, would be really nice. There is a way to get the lists into pfsense, but not the interactive agent. I haven't tried putting the lists in for testing yet.
No current plans so impossible to say.
I need technical assistance to install and configure CrowdSec on an offline Oracle Linux machine. The goal of this installation is to leverage CrowdSec for analyzing container behavior within a Kubernetes cluster.
Soooo how do I make this work on pfsense? Not seeing an easy answer briefly looking. I suppose waiting for integration is a thing.. Be nice to use now.
blog.vacum.se/pfsense-crowdsec/
@LAWRENCESYSTEMS thank you for putting up this link. I'm excited to get CrowdSec working alongside my PfSense install for a more complete security solution for my home. Looking forward to seeing more in-depth videos on CrowdSec.
For all people in the EU or with users from the EU (so everyone) this is risky, because it could be against the GDPR and yes, there is some information about this on the website, but there is a lot of stuff which is not clear yet and it could be dangerous.
(PS: Showing the IP addresses in the video is 100% against the GDPR)
The console offers a GDPR filter at the very bottom of the screen, just press it and all IPs are blurred.
Also regarding GDPR, our lawyer is also our DPO and takes great care of how & when. Basically, there are 3 rules to follow : 1/ collect the minimum information to render your service 2/ keep them for the least amount of time 3/ Let people be able to correct / erase those data upon request.
For 1/ We do collect only timestamp/IP/aggression type, which is the very minimum 2/ We keep not 1y as legally entitled, but 6 months, after which we blur the IP in a range (not A.B.C.D but A.B.C.0/24) and the timestamp (not anymore 12:34:56 but between 12 & 13) which doesn't pinpoint this information to an individual anymore. 3/ Our website offers a form to remove your IP (with a captcha and manually checked behind).
This was considered by our law firm, DPO and CNIL as enough in regard of the GDPR.
@philippe_CS There are many more problems, one of them is that you give the IP addresses to every participant and can't guarantee what they do with this. And the new SCC after Schrems II you need to guarantee what's happening with this data, how they are protected… I know, there are many, many legal problems with many online services and especially if you're not in the EU there is only an absolutely tiny chance that you get caught, but it is still there and the user should be aware.
@philippe_CS but thanks for the long explanation :)
If I have open VPN port open on a cloud server will the basic firewall bouncer block any known bad IPs?
As long as the VPN server has crowdsec bouncer installed
@jacksoncremean1664 yes I just didn't know if by default it watches over that port. Does it by default block for any open ports on an internet facing server then?
@HisLoveArmy It's a bit more complex. CrowdSec needs to understand the log format and what threats look like on the VPN server. That is covered in parsers and collections and currently there are none for VPN. Fortunately those are trivial to do so I am sure someone will do them soon.
Could you please spell the name of the tool you are mentioning? Is it cerrakato? I can't find it with all the spellings I tried.
I believe you are referring to Suricata?
Suricata
Thank you both :)
Pfsense would be very welcome
Yes, there has been a certain demand for that after Tom's video. Although he says something that can be interpreted as we have something on the way for pfSense. That is not the case. However it is possible to integrate using dynamic hostlists and there's a link for an article in a comment by Tom here (I can't put links in comments myself) if you want to know more. That being said we are always listening to what the community wants and we have heard that a number of people want our software ported to pfSense :-)
5:25
First
So it's like WOT Web of Trust. Started out with good intentions but turned into a political blacklist. Same thing gonna happen.
Actually the source is open source and under MIT license.
If we start to do crap, the community will fork it. So no political censorship possible here.
Besides, the whole treatment is automated and no human takes a decision here. The "consensus" engine, the algo calling the shots, will also be open sourced soon (time to separate code from arch), so the rules as to why & how an IP has been banned are known and will also be made public and opened for PR/MR.