# crowdsecurity/crowdsec


12,574 stars · 575 forks · Go · MIT

## Links

- GitHub: https://github.com/crowdsecurity/crowdsec
- Homepage: https://crowdsec.net
- awesome-repositories: https://awesome-repositories.com/repository/crowdsecurity-crowdsec.md

## Topics

`attacks-prevention` `detection` `ids` `ips` `linux` `protection` `security` `waf`

## Description

CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions.

What distinguishes the project is its decoupled enforcement model, which offloads active blocking to lightweight external components known as bouncers. These bouncers query the central API to synchronize threat intelligence and apply real-time remediation across distributed environments. The system also features a hub-based configuration management framework, allowing users to download and deploy community-curated security scenarios, parsers, and collections to ensure consistent protection against evolving threats.

The platform provides a comprehensive suite of tools for security operations, including automated log parsing pipelines, event-driven plugin systems for notification workflows, and extensive command-line utilities for infrastructure management. It supports flexible deployment patterns across standalone, containerized, and cloud-native environments, enabling centralized orchestration of security agents and fleet-wide monitoring of threat activity.

The project includes robust documentation and a command-line interface that facilitate lifecycle management of security components, from initial service discovery and configuration to the validation of detection logic and the auditing of active security policies.

## Tags

### DevOps & Infrastructure

- [Security Event Correlation](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-operations/infrastructure-event-correlation-tools/security-event-correlation.md) — Aggregates and correlates security events from logs and network traffic to identify malicious patterns. ([source](https://docs.crowdsec.net/docs/next/appsec/alerts_and_scenarios.md))
- [Security Log Processors](https://awesome-repositories.com/f/devops-infrastructure/log-processing-pipelines/security-log-processors.md) — Processes logs from various sources to identify potential security threats and malicious activity within the infrastructure. ([source](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration.md))
- [Event Pattern Detection](https://awesome-repositories.com/f/devops-infrastructure/event-triggers/event-pattern-detection.md) — Aggregates security events over time to identify and block automated threats using threshold-based logic. ([source](https://docs.crowdsec.net/docs/next/appsec/request_lifecycle.md))
- [Infrastructure Deployment](https://awesome-repositories.com/f/devops-infrastructure/infrastructure-deployment.md) — Supports flexible deployment across standalone, containerized, and cloud-native environments. ([source](https://docs.crowdsec.net/docs/next/intro.md))
- [Security Policy Automators](https://awesome-repositories.com/f/devops-infrastructure/security-automation-workflows/security-policy-automators.md) — Processes security alerts against ordered rules to trigger automated remediation and notification workflows. ([source](https://docs.crowdsec.net/docs/next/local_api/intro.md))
- [Security Parser Updaters](https://awesome-repositories.com/f/devops-infrastructure/automated-container-updaters/security-parser-updaters.md) — Downloads and installs the latest versions of detection patterns from a central repository. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_parsers_upgrade.md))
- [Container Monitoring](https://awesome-repositories.com/f/devops-infrastructure/containerized-environments/container-monitoring.md) — Monitors container logs for security events and applies targeted parsing rules. ([source](https://docs.crowdsec.net/docs/next/configuration/values_parameters.md))

### Security & Cryptography

- [Intrusion Prevention Systems](https://awesome-repositories.com/f/security-cryptography/intrusion-prevention-systems.md) — Parses logs and network traffic to detect threats, sharing intelligence across a global community to automate blocking.
- [Web Application Firewalls](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/web-application-firewalls.md) — Configures web application firewall rules to inspect and filter incoming traffic for malicious patterns. ([source](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration.md))
- [Security Infrastructure Managers](https://awesome-repositories.com/f/security-cryptography/security/infrastructure-and-hardware/infrastructure-system-hardening/management-interface-security/security-infrastructure-managers.md) — Provides a command-line interface to configure security engines, manage detection scenarios, and oversee active blocking decisions. ([source](https://docs.crowdsec.net/docs/next/cscli.md))
- [Threat Detection](https://awesome-repositories.com/f/security-cryptography/threat-detection.md) — Identifies threats by parsing logs and traffic and matching them against predefined security scenarios. ([source](https://docs.crowdsec.net/docs/next/concepts.md))
- [Traffic Filtering](https://awesome-repositories.com/f/security-cryptography/traffic-filtering.md) — Filters incoming network requests against curated lists of malicious IP addresses to prevent cyberattacks. ([source](https://docs.crowdsec.net/docs/next/central_api/community_blocklist.md))
- [Security Engines](https://awesome-repositories.com/f/security-cryptography/security-engines.md) — Registers security engine instances to the central database to enable fleet-wide coordination and threat detection. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_machines_add.md))
- [Security Monitoring](https://awesome-repositories.com/f/security-cryptography/security-monitoring.md) — Provides a management console for unified monitoring and orchestration of distributed security instances. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_windows.md))
- [Security Policy Management](https://awesome-repositories.com/f/security-cryptography/security-policy-controllers/security-policy-management.md) — Maintains a centralized management interface for security policies to ensure consistent protection across infrastructure. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/haproxy_spoa.md))
- [Threat Intelligence Platforms](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms.md) — Aggregates, processes, and shares malicious IP data and attack patterns to protect distributed infrastructure. ([source](https://docs.crowdsec.net/docs/next/configuration/network_management.md))
- [Virtual Patching](https://awesome-repositories.com/f/security-cryptography/virtual-patching.md) — Deploys security rules to mitigate web application vulnerabilities without requiring direct code changes. ([source](https://docs.crowdsec.net/docs/next/appsec/intro.md))
- [Decision Storage Backends](https://awesome-repositories.com/f/security-cryptography/authorization-decision-explainers/security-decision-lookups/decision-storage-backends.md) — Maintains a persistent database backend to track active alerts, remediation decisions, and system state across distributed security instances.
- [Blocklist Aggregators](https://awesome-repositories.com/f/security-cryptography/blocklist-aggregators.md) — Fetches curated lists of known malicious IP addresses from a global network to proactively block threats before they reach an application. ([source](https://docs.crowdsec.net/docs/next/getting_started/sdk_intro.md))
- [Custom Detection Rules](https://awesome-repositories.com/f/security-cryptography/custom-detection-rules.md) — Constructs custom pattern-matching logic to inspect HTTP requests for malicious payloads. ([source](https://docs.crowdsec.net/docs/next/appsec/create_rules.md))
- [Security Policy Enforcers](https://awesome-repositories.com/f/security-cryptography/infrastructure-policy-enforcement/security-policy-enforcers.md) — Blocks source IP addresses that trigger specific security rules multiple times within a defined timeframe to prevent ongoing malicious activity. ([source](https://docs.crowdsec.net/docs/next/appsec/alerts_and_scenarios.md))
- [Network Access Controls](https://awesome-repositories.com/f/security-cryptography/network-access-controls.md) — Prevents access from known malicious IP addresses by consuming real-time threat intelligence. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_drupal_plugin.md))
- [Web Security Policies](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/web-security-policies.md) — Integrates web server bouncers to intercept and reject unauthorized requests at the edge before they reach application logic. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/nginxopenresty.md))
- [Reverse Proxy Security](https://awesome-repositories.com/f/security-cryptography/reverse-proxy-security.md) — Integrates with reverse proxies to perform lightweight request evaluation and block malicious traffic at the edge. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/haproxy_spoa.md))
- [Security Agent Registrations](https://awesome-repositories.com/f/security-cryptography/secure-connection-managers/security-agent-registrations.md) — Connects security agents to the central management server for signal reporting and policy synchronization. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_lapi_register.md))
- [Security Context Installers](https://awesome-repositories.com/f/security-cryptography/security-context-managers/security-context-installers.md) — Downloads and enables detection patterns to identify and flag malicious behaviors within system logs. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_scenarios_install.md))
- [Security Detection Logic](https://awesome-repositories.com/f/security-cryptography/security-detection-logic.md) — Implements a security detection engine that matches HTTP traffic against complex rules to identify and log suspicious activity. ([source](https://docs.crowdsec.net/docs/next/appsec/alerts_and_scenarios.md))
- [Malicious Activity Reporters](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms/intelligence-reporting/malicious-activity-reporters.md) — Submits signals about detected threats to a central intelligence service to contribute to community-wide protection. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_php_softagent.md))
- [Threat Intelligence Synchronizers](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms/threat-intelligence-synchronizers.md) — Synchronizes local security instances with centralized databases to share and receive updated blocklists and global attack patterns. ([source](https://docs.crowdsec.net/docs/next/cscli.md))
- [Web Application Security](https://awesome-repositories.com/f/security-cryptography/web-application-security.md) — Integrates security inspection components with web applications to enforce request filtering and blocking. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/wordpress.md))
- [Security Agent Inspectors](https://awesome-repositories.com/f/security-cryptography/agent-security/security-agent-inspectors.md) — Allows administrators to verify the connectivity and operational health of security agents. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_machines_inspect.md))
- [Security Machine Authentications](https://awesome-repositories.com/f/security-cryptography/api-access-security/security-machine-authentications.md) — Authenticates and connects security agents to the central API for centralized threat management. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_lapi.md))
- [Web Security](https://awesome-repositories.com/f/security-cryptography/application-and-system-security/web-security.md) — Blocks common web attack patterns and known vulnerabilities by applying virtual patching rules to incoming traffic. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/general_setup.md))
- [Cross-Site Scripting Prevention](https://awesome-repositories.com/f/security-cryptography/cross-site-scripting-prevention.md) — Examines input strings for malicious script injection patterns to prevent cross-site scripting attacks. ([source](https://docs.crowdsec.net/docs/next/expr/libinjection_helpers.md))
- [Attack Simulations](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-and-compliance/security-and-threat-mitigations/attack-simulations.md) — Analyzes traffic for generic attack signatures and suspicious behavior to identify threats. ([source](https://docs.crowdsec.net/docs/next/appsec/advanced_deployments.md))
- [Network Access Controls](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/network-security/network-routing-access-control/network-access-controls.md) — Applies temporary restrictions to specific IP addresses or network ranges to block unauthorized access. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_decisions_add.md))
- [Traffic Inspection and Manipulation](https://awesome-repositories.com/f/security-cryptography/network-infrastructure-security/web-network-security/network-security/traffic-inspection-manipulation.md) — Analyzes web application security events by listening on network interfaces to detect and block malicious requests. ([source](https://docs.crowdsec.net/docs/next/configuration/values_parameters.md))
- [Secure Remote Access](https://awesome-repositories.com/f/security-cryptography/secure-remote-access.md) — Establishes secure communication channels for distributed security agents to synchronize threat intelligence and policies. ([source](https://docs.crowdsec.net/docs/next/local_api/configuration.md))
- [Bouncer Registrations](https://awesome-repositories.com/f/security-cryptography/security-policy-controllers/bouncer-registrations.md) — Registers lightweight external components to the central API for automated traffic enforcement. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_bouncers_add.md))
- [Allowlist Management](https://awesome-repositories.com/f/security-cryptography/security/utilities/allowlist-management.md) — Allows exempting specific IP addresses or network ranges from automated blocking actions while maintaining monitoring. ([source](https://docs.crowdsec.net/docs/next/appsec/configuration_rule_management.md))
- [Security Collection Configurators](https://awesome-repositories.com/f/security-cryptography/security/utilities/security-tools/reference-collections-wordlists/security-tool-collections/security-collection-configurators.md) — Installs and manages curated sets of security rules and configurations to detect infrastructure threats. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_collections.md))
- [Agent Security](https://awesome-repositories.com/f/security-cryptography/agent-security.md) — Manages the authorization of security agents to connect to the API and report threat intelligence. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_machines_validate.md))
- [Detection Scenario Inspectors](https://awesome-repositories.com/f/security-cryptography/custom-detection-rules/detection-scenario-inspectors.md) — Allows administrators to verify the configuration and operational status of installed security detection scenarios. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_scenarios_inspect.md))
- [Security Decision Importers](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/authorization-and-user-administration/access-control-authorization/import-access-authorizers/import-access-policies/security-decision-importers.md) — Ingests lists of malicious traffic patterns from external files to apply automated blocking rules across the infrastructure. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_decisions_import.md))
- [Enrollment Management](https://awesome-repositories.com/f/security-cryptography/machine-identity/enrollment-management.md) — Connects local security engines to a centralized management platform for remote monitoring and fleet orchestration. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_console.md))
- [Security Auditing](https://awesome-repositories.com/f/security-cryptography/security-auditing.md) — Provides visibility into active enforcement actions, including blocked IP addresses and triggered security scenarios. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_decisions_list.md))
- [Security Configurations](https://awesome-repositories.com/f/security-cryptography/security-configurations.md) — Defines how security rules are processed and applied to web traffic, including blocking modes and custom hooks. ([source](https://docs.crowdsec.net/docs/next/appsec/configuration_creation_testing.md))
- [Threat Notification Systems](https://awesome-repositories.com/f/security-cryptography/threat-detection/threat-notification-systems.md) — Forwards security alerts to external services to trigger downstream workflows when threats are detected. ([source](https://docs.crowdsec.net/docs/next/local_api/intro.md))
- [Agent Registration Utilities](https://awesome-repositories.com/f/security-cryptography/agent-security/agent-registration-utilities.md) — Registers security agents automatically within a cluster using secure tokens to simplify deployment and management. ([source](https://docs.crowdsec.net/docs/next/configuration/values_parameters.md))
- [Security Agent Revocations](https://awesome-repositories.com/f/security-cryptography/agent-security/security-agent-revocations.md) — Revokes access for security agents to stop them from reporting events or receiving updates. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_machines_delete.md))
- [API Access Security](https://awesome-repositories.com/f/security-cryptography/api-access-security.md) — Ensures authorized access to the security API by validating the identity of connected components. ([source](https://docs.crowdsec.net/docs/next/local_api/intro.md))
- [Security Decision Lookups](https://awesome-repositories.com/f/security-cryptography/authorization-decision-explainers/security-decision-lookups.md) — Enables querying the central database for active security decisions applied to specific entities. ([source](https://docs.crowdsec.net/docs/next/expr/other_helpers.md))
- [Client Certificate Authentication](https://awesome-repositories.com/f/security-cryptography/client-certificate-authentication.md) — Validates the identity of log processors and remediation components using API keys and TLS certificates. ([source](https://docs.crowdsec.net/docs/next/local_api/authentication.md))
- [Detection Scenario Removers](https://awesome-repositories.com/f/security-cryptography/detection-engines/detection-scenario-removers.md) — Uninstalls specific security detection patterns to stop monitoring for particular malicious activities. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_scenarios_remove.md))
- [Detection Overrides](https://awesome-repositories.com/f/security-cryptography/detection-overrides.md) — Allows adding specific IP addresses or ranges to an allowlist to prevent them from being flagged or blocked by security detection engines. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_allowlists_add.md))
- [Security Governance](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-governance.md) — Facilitates lifecycle management of security components like parsers and scenarios sourced from a centralized hub. ([source](https://docs.crowdsec.net/docs/next/cscli.md))
- [Security Plugin Frameworks](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/security-plugin-frameworks.md) — Manages application-specific security plugins to automate threat detection and rule exclusion. ([source](https://docs.crowdsec.net/docs/next/appsec/crs/plugin_support.md))
- [Security Service Configurators](https://awesome-repositories.com/f/security-cryptography/security-configurations/security-service-configurators.md) — Scans the local environment to identify running services and generates the necessary security configurations through an interactive setup process. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_setup_interactive.md))
- [Security Context Inspectors](https://awesome-repositories.com/f/security-cryptography/security-context-managers/security-context-inspectors.md) — Helps administrators understand the active protection environment by inspecting security context relationships. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_contexts_inspect.md))
- [Sensitivity Configurations](https://awesome-repositories.com/f/security-cryptography/security-detection-logic/sensitivity-configurations.md) — Allows administrators to tune the strictness of security rules to balance detection accuracy. ([source](https://docs.crowdsec.net/docs/next/appsec/crs/intro.md))
- [Security Testing Configurations](https://awesome-repositories.com/f/security-cryptography/security-testing-configurations.md) — Implements functional testing for security scenarios and parsers to verify detection logic before production deployment. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_hubtest.md))
- [Decision Retrievers](https://awesome-repositories.com/f/security-cryptography/security/policies/capability-authorization/capability-based-security/decision-retrievers.md) — Queries a central authority to determine if a specific IP address is flagged as malicious and should be blocked. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_pyagent.md))
- [Traffic Inspection Tools](https://awesome-repositories.com/f/security-cryptography/traffic-inspection-tools.md) — Defines acquisition points and network listeners to intercept and analyze web traffic for potential security threats. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/traefik.md))
- [Security Testing and Auditing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing.md) — Allows auditing of installed security configurations used to inspect web traffic for malicious patterns. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_appsec-configs_list.md))
- [SQL Injection Detection Tools](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/injection-vulnerabilities/sql-injection-detection-tools.md) — Analyzes input strings for patterns indicative of SQL injection attempts to flag malicious database queries. ([source](https://docs.crowdsec.net/docs/next/expr/libinjection_helpers.md))

### Web Development

- [Security](https://awesome-repositories.com/f/web-development/api-servers/security.md) — Provides a centralized API service for aggregating security signals and coordinating remediation decisions across distributed agents. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_opnsense.md))
- [Request Interception and Blocking](https://awesome-repositories.com/f/web-development/backend-development/web-frameworks/routing-request-handling/http-request-handlers/request-simulators/request-interception-and-blocking.md) — Inspects incoming web traffic against vulnerability signatures to block unauthorized access attempts in real-time. ([source](https://docs.crowdsec.net/docs/next/appsec/advanced_deployments.md))
- [Local API Servers](https://awesome-repositories.com/f/web-development/local-api-servers.md) — Acts as a hub for security agents to report signals, store remediation decisions, and synchronize threat intelligence across infrastructure.

### Software Engineering & Architecture

- [Distributed Orchestration Platforms](https://awesome-repositories.com/f/software-engineering-architecture/distributed-orchestration-platforms.md) — Manages security agents and enforcement components across diverse environments, including containers, cloud, and on-premises servers.
- [Bucket Aggregators](https://awesome-repositories.com/f/software-engineering-architecture/event-driven-architectures/bucket-aggregators.md) — Aggregates security events into time-bound buckets to identify malicious patterns and trigger alerts when thresholds are exceeded.
- [Decoupled Architectures](https://awesome-repositories.com/f/software-engineering-architecture/software-architecture/architectural-patterns/modular-decoupled-design/decoupled-architectures.md) — Offloads active blocking and remediation actions to lightweight external components that query the central API for current decisions.
- [Event-Driven Plugin Registries](https://awesome-repositories.com/f/software-engineering-architecture/integration-extensibility/extensibility/plugin-architectures/hook-event-orchestration/event-driven-plugin-registries.md) — Executes custom logic and notification workflows at specific lifecycle stages to handle alerts and integrate with external security tools.
- [Custom Action Handlers](https://awesome-repositories.com/f/software-engineering-architecture/custom-action-handlers.md) — Executes custom logic at lifecycle stages to dynamically modify security engine behavior and request processing. ([source](https://docs.crowdsec.net/docs/next/appsec/hooks.md))
- [Metadata Attachments](https://awesome-repositories.com/f/software-engineering-architecture/metadata-attachments.md) — Appends custom metadata to security alerts to provide context for incident response. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_lapi_context_add.md))

### System Administration & Monitoring

- [Alert Generation Engines](https://awesome-repositories.com/f/system-administration-monitoring/alert-generation-engines.md) — Generates runtime security alerts when traffic patterns exceed defined thresholds. ([source](https://docs.crowdsec.net/docs/next/expr/alert.md))
- [Central API Monitors](https://awesome-repositories.com/f/system-administration-monitoring/health-monitoring/connection-health-monitors/central-api-monitors.md) — Ensures the security engine maintains a healthy connection to the centralized threat intelligence platform. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_capi_status.md))
- [Device Connection Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/administrative-operations/remote-access-interface-tools/administrative-interfaces/management-interfaces/device-connection-monitoring.md) — Displays the connection status between the security engine and the management platform to ensure intelligence sharing. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_console_status.md))
- [Centralized Logging Systems](https://awesome-repositories.com/f/system-administration-monitoring/centralized-logging-systems.md) — Centralizes security alerts and remediation decisions from distributed agents into a unified database. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/nginx-ingress.md))
- [Instance Health Monitors](https://awesome-repositories.com/f/system-administration-monitoring/health-monitoring/instance-health-monitors.md) — Links local security engines to a centralized management platform for remote administration. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_console_enroll.md))
- [IP Address Blocklists](https://awesome-repositories.com/f/system-administration-monitoring/ip-address-blocklists.md) — Maintains and displays lists of banned IP addresses with options to revoke decisions or whitelist network ranges. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_crowdsec_pfsense.md))
- [Alerting and Incident Management](https://awesome-repositories.com/f/system-administration-monitoring/alerting-and-incident-management.md) — Inspects and manages detected security events to maintain an accurate record of blocked threats. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_alerts.md))
- [Alerting Systems](https://awesome-repositories.com/f/system-administration-monitoring/alerting-and-incident-management/alerting-systems.md) — Retrieves detected security events with support for filtering by source IP, network range, and scenario. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_alerts_list.md))
- [API Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/api-monitoring.md) — Verifies the authentication status and health of connections between security agents and the API. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_lapi.md))
- [Application Logging](https://awesome-repositories.com/f/system-administration-monitoring/diagnostic-tools/diagnostics/telemetry-and-log-collectors/application-logging.md) — Extracts and analyzes security events from system logs and application files to identify malicious patterns. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_windows.md))
- [Log Analysis](https://awesome-repositories.com/f/system-administration-monitoring/logging-and-telemetry/log-analysis.md) — Ingests and normalizes web server logs to extract security-relevant metadata for threat detection. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/npmplus.md))
- [Contextual Alert Samples](https://awesome-repositories.com/f/system-administration-monitoring/alerting-and-incident-management/alerting-systems/contextual-alert-samples.md) — Enriches security alerts with custom data to improve visibility for incident response. ([source](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration.md))
- [Background Polling Services](https://awesome-repositories.com/f/system-administration-monitoring/background-polling-services.md) — Monitors the operational state of the polling interface to ensure security signals are processed. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_papi.md))
- [Allowlist Management](https://awesome-repositories.com/f/system-administration-monitoring/ip-address-blocklists/allowlist-management.md) — Prevents specific IP addresses or ranges from triggering security alerts or blocklist actions by defining trusted sources. ([source](https://docs.crowdsec.net/docs/next/local_api/centralized_allowlists.md))
- [Metrics Exporters](https://awesome-repositories.com/f/system-administration-monitoring/metrics-exporters.md) — Exposes security and performance metrics to external monitoring systems for real-time observability. ([source](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration.md))
- [Metric and Performance Monitors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/metric-performance-monitors.md) — Exposes real-time performance data on log parsing, bucket overflows, and API activity. ([source](https://docs.crowdsec.net/docs/next/getting_started/crowdsec_tour.md))
- [Processing Engine Metrics](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/metric-performance-monitors/processing-engine-metrics.md) — Provides internal processing statistics and detection performance metrics to identify system bottlenecks. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_metrics.md))
- [Server Metrics](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/metric-performance-monitors/server-metrics.md) — Provides system and application performance data through standard endpoints for observability. ([source](https://docs.crowdsec.net/docs/next/configuration/network_management.md))
- [Notification Channel Configuration](https://awesome-repositories.com/f/system-administration-monitoring/notification-channels/notification-channel-configuration.md) — Manages external notification plugins to alert administrators when security events are detected. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_notifications.md))

### Part of an Awesome List

- [Network Security](https://awesome-repositories.com/f/awesome-lists/devops/network-security.md) — Lightweight software for detecting and blocking aggressive peers.
- [Security Tools](https://awesome-repositories.com/f/awesome-lists/devtools/security-tools.md) — Collaborative intrusion prevention system for behavioral analysis.
- [Intrusion Detection Systems](https://awesome-repositories.com/f/awesome-lists/security/intrusion-detection-systems.md) — Collaborative behavior detection engine and IP reputation network.
- [Security and Infrastructure](https://awesome-repositories.com/f/awesome-lists/security/security-and-infrastructure.md) — Collaborative IPS/IDS software for analyzing visitor behavior.
- [Security And Privacy](https://awesome-repositories.com/f/awesome-lists/security/security-and-privacy.md) — Crowdsourced security solution for protecting against malicious IPs.

### Content Management & Publishing

- [Security Configuration Hubs](https://awesome-repositories.com/f/content-management-publishing/documentation-knowledge-management/knowledge-bases/community-driven-knowledge-hubs/security-configuration-hubs.md) — Distributes community-curated security scenarios, parsers, and collections from a central repository to ensure consistent and up-to-date protection.

### Development Tools & Productivity

- [Security Configuration Updaters](https://awesome-repositories.com/f/development-tools-productivity/configuration-updates/tooling-configuration-updaters/security-configuration-updaters.md) — Automates daily updates to security rule collections to ensure protection against evolving vulnerabilities. ([source](https://docs.crowdsec.net/docs/next/appsec/quickstart/traefik.md))
- [External Intelligence Integrators](https://awesome-repositories.com/f/development-tools-productivity/external-service-integrations/external-security-tool-integrations/external-intelligence-integrators.md) — Queries external security services to enrich local data with global insights and improve threat detection accuracy. ([source](https://docs.crowdsec.net/docs/next/configuration/crowdsec_configuration.md))
- [Security Collection Upgraders](https://awesome-repositories.com/f/development-tools-productivity/security-cli-tools/security-collection-upgraders.md) — Updates installed security configurations to their latest versions from a central repository. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_collections_upgrade.md))
- [Security Rule Removers](https://awesome-repositories.com/f/development-tools-productivity/package-removal-utilities/security-collection-removers/security-rule-removers.md) — Deletes specific application security rules to stop them from being applied to incoming traffic. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_appsec-rules_remove.md))
- [Parser Inspectors](https://awesome-repositories.com/f/development-tools-productivity/version-control-systems/log-parsers/parser-inspectors.md) — Provides visibility into active log processing configurations to ensure they are correctly loaded. ([source](https://docs.crowdsec.net/docs/next/cscli/cscli_parsers_list.md))

### Data & Databases

- [Data Parsing](https://awesome-repositories.com/f/data-databases/data-engineering-infrastructure/data-extraction-ingestion/data-parsing.md) — Parses and transforms raw log data into structured objects for security analysis and event processing. ([source](https://docs.crowdsec.net/docs/next/expr/json_helpers.md))
- [Data Enrichment](https://awesome-repositories.com/f/data-databases/data-enrichment.md) — Enriches traffic data with geographic and network provider information for better security context. ([source](https://docs.crowdsec.net/docs/next/expr/ip_helpers.md))
- [Data Visualization Dashboards](https://awesome-repositories.com/f/data-databases/data-visualization-dashboards.md) — Deploys a dashboard interface to provide graphical insights and reporting on detected threats. ([source](https://docs.crowdsec.net/docs/next/getting_started/crowdsec_tour.md))
- [Relational Database Persistence](https://awesome-repositories.com/f/data-databases/relational-database-persistence.md) — Persists security data in relational database backends to handle varying levels of traffic and scale. ([source](https://docs.crowdsec.net/docs/next/configuration/values_parameters.md))
- [Caching](https://awesome-repositories.com/f/data-databases/data-engineering-infrastructure/caching-performance/caching.md) — Caches threat intelligence and security decisions to minimize latency and reduce network overhead during traffic inspection. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_php_softagent.md))
- [Data Persistence and Storage](https://awesome-repositories.com/f/data-databases/data-engineering-infrastructure/data-persistence-storage.md) — Provides persistent storage for security signals and remediation decisions within a local database backend. ([source](https://docs.crowdsec.net/docs/next/getting_started/install_pyagent.md))
- [Data Persistence Management](https://awesome-repositories.com/f/data-databases/data-engineering-infrastructure/data-persistence-storage/data-persistence-management.md) — Maintains a persistent database backend to manage the lifecycle of security alerts and remediation decisions. ([source](https://docs.crowdsec.net/docs/next/local_api/intro.md))
- [Decision Streamers](https://awesome-repositories.com/f/data-databases/decision-support-systems/decision-streamers.md) — Synchronizes security policies by incrementally fetching new and expired decisions to ensure enforcement components maintain an accurate state. ([source](https://docs.crowdsec.net/docs/next/local_api/bouncers.md))
