I want to…
01 · DETECT
Detect & block attacks on my servers
Identify and ban bad-behaving IPs from your logs and requests using CrowdSec Detection Scenarios and Virtual-Patching collections.
IDSIPSWAFCrowdSec FOSS
Sysadmins · DevOps · SRE
Security Engine
02 · PROTECT
Push blocklists into my firewall, CDN or WAF
Manage network-perimeter devices and want a URL to subscribe to — no agent to install, just curated feeds your equipment can pull.
AWSThreat FeedsNGINXCloudflare
Network · Platform teams
Blocklist Endpoint
03 · INVESTIGATE
Investigate IP behaviors & enrich alerts
Security analyst or developer who wants IP context, behaviors, CVEs, aggressivity… in a browser or via REST API.
SOCLookupThreat IntelAPI
SOC · Threat Intel
IP Reputation & CTI
Already running CrowdSec?
How each path works
SECURITY ENGINE
Detect and block malicious behaviors on your infrastructure
Open-source agent that parses logs, applies scenarios, and bans IPs.
01
Install the Security Engine
Runs on your server, detects attack patterns in real time. Immediately protected with the Community Blocklist.
02
RECOMMENDEDActivate the WAF module
Layer in the AppSec component to inspect HTTP traffic and block web exploits.
03
OPTIONALSubscribe to blocklists
Add extra curated feeds on top of the built-in detection & community blocklist.
04
OPTIONALCraft your own rules
Write custom scenarios for your stack, then share them on the Hub.
BLOCKLISTS
Push curated threat feeds directly into your firewall, CDN or WAF
IP REPUTATION & CTI
Query threat intel — in the browser or via API in your tools
Not sure where to start?
Answer a few questions and get a recommended path with install steps for your stack.