File changed: crowdsec-docs/docs/concepts.md (20 additions & 17 deletions)
@@ -7,19 +7,27 @@ sidebar_position: 1
7
7
8
8
# Global overview
9
9
10
+
# Security Engine
11
+
12
+
> The Security Engine is CrowdSec's IDS/IPS (Intrusion Detection System/Intrusion Prevention System)
13
+
> It is a rules and behavior detection engine comprised of Log Processor and the Local API.
14
+
15
+
A Security Engine can operate [independently](/intro#architecture) or in a [distributed manner](/intro#deployment-options), adapting to the specific needs and constraints of your infrastructure. For more information on CrowdSec's distributed approach, visit our documentation on collaborative operations and distributed deployments.
16
+
17
+
10
18
# Log Processor (LP)
11
19
12
-
> The Log Processor is in charge of the detection of bad behaviors, based on your logs or your HTTP trafic.
20
+
> The Log Processor is the part of the Security Engine in charge of the detection of bad behaviors, based on your logs or your HTTP trafic.
13
21
14
22
The Log Processor (abreviated as `LP`) detects bad behaviors via two main functions:
15
23
-[Acquire](/log_processor/data_sources/introduction.md) logs, [parse](/log_processor/parsers/introduction.mdx), [enrich](/log_processor/parsers/enricher.md) and match them against [Scenarios](/log_processor/scenarios/introduction.mdx).
16
-
- Receive [HTTP Requests](/log_processor/data_sources/appsc.md) and match them against the [Appsec Rules](/appsec/intro.md).
24
+
- Receive [HTTP Requests](/log_processor/data_sources/appsec.md) and match them against the [Appsec Rules](/appsec/intro.md).
17
25
18
26
Alerts resulting from Scenarios or Appsec Rules being triggered are sent to the `LAPI`.
19
27
20
28
# Local API (LAPI)
21
29
22
-
> The Local API is the middleman between the Log Processors, the Remediation Components and the Central API.
30
+
> The Local API is the part of the Security Engine acting as the middleman between the Log Processors, the Remediation Components and the Central API.
23
31
24
32
The Local API (abreviated as `LAPI`) has several functions:
25
33
- Receive alerts from Log Processors and create Decisions based on configured [Profiles](/local_api/profiles/intro.md)
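Review bot: the new Security Engine blockquote reads "comprised of Log Processor and the Local API", which mixes articles and uses "comprised of" where "composed of" is meant; suggest "It is a rules and behavior detection engine composed of the Log Processor and the Local API." The preceding line ("...Intrusion Prevention System)") also lacks a terminal period, unlike the other blockquotes in this file. Two pre-existing typos are carried into the rewritten lines and could be fixed while they are being touched: "HTTP trafic" in the Log Processor blockquote should be "HTTP traffic", and "abreviated" in the `LP` and `LAPI` sentences should be "abbreviated". The link fix from `appsc.md` to `appsec.md` is correct.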
@@ -29,33 +37,28 @@ The Local API (abreviated as `LAPI`) has several functions:
29
37
30
38
# Remediation Components (Bouncers)
31
39
32
-
> The Remediation Components (also called `Bouncers`) are in charge of enforcing decisions.
40
+
> The Remediation Components (also called `Bouncers`) are external components in charge of enforcing decisions.
33
41
34
-
Remediation Components rely on the Local API to receive decisions about malevolent IPs to be blocked.
42
+
Remediation Components rely on the Local API to receive decisions about malevolent IPs to be blocked *(or other supported types or remediations such as Captcha, supported by some of our Bouncers).*
43
+
*Note that they also support [CrowdSec's Blocklist as a Service](/u/integrations/intro).*
35
44
36
45
Those Decisions can be based on behavioral detection made by the `LP` or from Blocklists.
37
46
38
-
[Remediations components](https://app.crowdsec.net/hub/remediation-components) laverage existing components of your infrastructure to block malevolent IPs where it matters most.
47
+
Remediations components leverage existing components of your infrastructure to block malevolent IPs where it matters most. You can find them on our [Remediation Components' HUB](https://app.crowdsec.net/hub/remediation-components)
39
48
40
49
# Central API (CAPI)
41
50
42
-
> The Central API (CAPI) in CrowdSec serves as a pivotal component for aggregating and disseminating threat intelligence across its user community.
51
+
> The Central API (CAPI) serves as the gateway for network participants to connect and communicate with CrowdSec's network.
43
52
44
-
45
-
The Central API (abreviated as `CAPI`) receives signal from Crowdsec instances and partner networks and will compute them to ultimately create [Cyber Threat Intelligence](/u/cti_api/intro) and [Blocklists](/u/blocklists/intro).
53
+
The Central API (abreviated as `CAPI`) receives attack signals from all participating Security Engines and signal partners, then re-distribute them curated community decisions ([Community Blocklist](/central_api/community_blocklist/)).
54
+
It's also at the heart of CrowdSec centralized [Blocklist services](/u/blocklists/intro).
46
55
47
56
# Console
48
57
49
-
> The CrowdSec Console is a web-based interface that enhances the functionality of the CrowdSec security engine.
58
+
> The CrowdSec Console is a web-based interface providing reporting, alerting, management and QoL features to CrowdSec's products usages: from your park of Security Engines to the management of CTI related actions
50
59
51
60
The [Console](https://app.crowdsec.net) allows you to:
52
61
-[Manage alerts](/u/console/alerts/intro) of your security stack
53
62
-[Manage decisions](/u/console/decisions/decisions_intro) in real-time
54
63
- View and use [blocklists and integrations](/u/blocklists/intro)
55
-
- Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/service_api/getting_started))
56
-
57
-
# Security Engine
58
-
59
-
> The Security Engine is a concept that encompasses the Log Processor and the Local API.
60
-
61
-
The Security Engine is the generic term to describe a Log Processor coupled to a Local API.
64
+
- Manage your API keys ([CTI API](/u/cti_api/intro), [Service API](/u/service_api/getting_started))
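Review bot: the rewritten CAPI sentence has a grammar problem that changes its meaning: "receives attack signals ... and signal partners, then re-distribute them curated community decisions" should read "receives attack signals from all participating Security Engines and signal partners, then redistributes curated community decisions to them". In the same region, "It's also at the heart of CrowdSec centralized" should be "CrowdSec's centralized", and "abreviated" should be "abbreviated". In the Remediation Components paragraph, "other supported types or remediations" should be "other supported types of remediations", and "Remediations components leverage" should use the heading's form "Remediation Components" (the "laverage" correction itself is right). The new Console blockquote is missing its terminal period and "CrowdSec's products usages" is awkward; suggest "...QoL features for CrowdSec's products, from your park of Security Engines to the management of CTI related actions." Removing the trailing Security Engine section is consistent with the section being moved to the top of the file in the first hunk, so no content is lost.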