Cybersecurity as a service
We update and manage the solution at a fixed monthly price throughout the year.
Monthly Reports
We send detailed reports on a monthly basis.
GDPR
Complies with GDPR and Swedish laws.
CROWDSEC OVERVIEW
- It reads log files (you define which data sources to read).
- The log files are analyzed (and can be enriched with a special function if needed).
- These normalized log files are matched against a number of scenarios that you can define.
- When a scenario is triggered, CrowdSec will generate an alert and eventually make one or more associated decisions:
- The alert is primarily for traceability and will remain even after the decision expires.
- The decision, however, is temporary and determines the action to be taken against an attacking IP/IP range/user.
- This information (the signal itself and the associated decision) is sent to CrowdSec's local API and stored in the database.
CrowdSec handles the detection and logs the action. Then, a bouncer can use these actions (via the same local API) to apply the actual blocking.
CROWD SOURCING
When the local API receives an alert with an associated action, metadata about this is shared with CrowdSec's central API:
- The source IP address that triggered the alert
- The scenario that was triggered
- A timestamp of the attack
This is the only information sent to CrowdSec's API, and it is processed by them to send relevant blocklists to all users. No information about your environment is stored or sent.
BOUNCERS
Bouncers are standalone applications whose role is to act when alerts are triggered. This is done by bouncers sending requests to the local API to find out if there is any active action to be applied for a specific IP, IP range, user, etc.