I want to…
Detect & block attacks on servers
Identify and ban bad-behaving IPs from your logs and requests using CrowdSec Detection Scenarios and Virtual-Patching collections.
IDPSWAFCrowdSec FOSS
Sysadmins · DevOps · SRE
Security Engine
Plug CrowdSec blocklists into a firewall, CDN or WAF
Manage network-perimeter devices and want a URL to subscribe to — no agent to install, just curated feeds your equipment can pull.
Threat FeedsIOC StreamsDeny-list
Network · Platform teams
Blocklist Integration Endpoint
Investigate IP behaviors and enrich alerts
Security analyst or developer who wants IP context, behaviors, CVEs, aggressivity… in a browser or via REST API.
IOC LookupThreat IntelCTI API
SOC · Threat Intel
IP Reputation & CTI
Already running CrowdSec?
How each path works
SECURITY ENGINE
Detect and block malicious behaviors on your infrastructure
Open-source agent that parses logs, applies scenarios, and bans IPs.
01
Install the Security Engine
Runs on your server, detects attack patterns in real time. Immediately protected with the Community Blocklist.
02
RECOMMENDEDActivate the WAF module
Layer in the AppSec component to inspect HTTP traffic and block web exploits.
03
OPTIONALSubscribe to blocklists
Add extra curated feeds on top of the built-in detection & community blocklist.
04
OPTIONALCraft your own rules
Write custom scenarios for your stack, then share them on the Hub.
BLOCKLISTS
Push curated threat feeds directly into your firewall, CDN or WAF
IP REPUTATION & CTI
Query threat intel — in the browser or via API in your tools
Not sure where to start?
Answer a few questions and get a recommended path with install steps for your stack.