-
Notifications
You must be signed in to change notification settings - Fork 89
wip: enhanced introduction #810
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
LaurenceJJones
merged 10 commits into
crowdsecurity:main
from
LaurenceJJones:quickstart_intro
Jul 4, 2025
Merged
Changes from 1 commit
Commits
Show all changes
10 commits
Select commit
Hold shift + click to select a range
e31cc92
wip: enhanced introduction
LaurenceJJones 6c8dbf3
wip: Add popover as a fallback on mobile devices
LaurenceJJones 3e6fbe0
wip: fix lock
LaurenceJJones 773f990
wip: fix popover
LaurenceJJones a5c3aaf
Merge branch 'main' into quickstart_intro
LaurenceJJones 3ffd2df
enhance: grey on light mode, and simple image
LaurenceJJones c14fb94
enhance: hint at previous RC naming scheme
LaurenceJJones 238ffd1
enhance: word words and wrod
LaurenceJJones 5ec1338
enhance: fix broken links
LaurenceJJones 6b915ec
enhance: fix broken link
LaurenceJJones File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| import React from 'react'; | ||
| import { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider } from '@site/src/ui/tooltip'; | ||
|
|
||
| export default function UnderlineTooltip({ children, tooltip }) { | ||
| return ( | ||
| <TooltipProvider delayDuration={300}> | ||
| <Tooltip> | ||
| <TooltipTrigger asChild> | ||
| <span className="tw-underline tw-decoration-dashed tw-decoration-1 tw-decoration-gray-700 tw-cursor-help hover:tw-decoration-gray-900 dark:tw-decoration-gray-300 dark:hover:tw-decoration-gray-100 tw-underline-offset-2"> | ||
| {children} | ||
| </span> | ||
| </TooltipTrigger> | ||
| <TooltipContent> | ||
| <p>{tooltip}</p> | ||
| </TooltipContent> | ||
| </Tooltip> | ||
| </TooltipProvider> | ||
| ); | ||
| } | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
crowdsec-docs/unversioned/getting_started/installation/cloudways.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletions
4
crowdsec-docs/unversioned/getting_started/installation/freebsd.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
crowdsec-docs/unversioned/getting_started/installation/opnsense.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
crowdsec-docs/unversioned/getting_started/installation/pfsense.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 changes: 1 addition & 1 deletion
2
crowdsec-docs/unversioned/getting_started/installation/windows.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
76 changes: 76 additions & 0 deletions
76
crowdsec-docs/unversioned/getting_started/introduction.mdx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| --- | ||
| id: intro | ||
| title: Introduction | ||
| sidebar_position: 1 | ||
| --- | ||
|
|
||
| import useBaseUrl from "@docusaurus/useBaseUrl" | ||
| import UnderlineTooltip from "@site/src/components/UnderlineTooltip" | ||
|
|
||
| ## What is CrowdSec Security Engine? | ||
|
|
||
| The Security Engine is a collaborative and lightweight <UnderlineTooltip tooltip="An Intrusion Detection System monitors logs or traffic to detect and report suspicious or malicious behavior, such as scans, brute-force attempts, or exploits.">Intrusion Detection System</UnderlineTooltip> (IDS) and <UnderlineTooltip tooltip="A security system that filters, monitors, and blocks HTTP traffic to and from a web application to prevent attacks like SQL injection, XSS, and more.">Web Application Firewall</UnderlineTooltip> (WAF). | ||
|
|
||
| It begins by reading logs specified in <UnderlineTooltip tooltip="Acquisition files tell CrowdSec where to find logs and which application they belong to.">acquisitions</UnderlineTooltip>, then uses <UnderlineTooltip tooltip="YAML files that extract relevant data from logs, such as IP addresses, timestamps, or request paths.">parsers</UnderlineTooltip> to structure the information. This data is evaluated against <UnderlineTooltip tooltip="Behavioral rules written in a domain-specific language that define what malicious activity looks like, such as multiple failed logins in a short time.">scenarios</UnderlineTooltip>, which are designed to detect specific types of attacks or suspicious patterns. | ||
|
|
||
| When an attack is identified, CrowdSec can apply a <UnderlineTooltip tooltip="A temporary or permanent decision, like blocking an IP address, taken in response to a detected threat.">remediation</UnderlineTooltip>, based on rules defined in <UnderlineTooltip tooltip="Profiles are rule sets that define which decisions to take (or ignore) when a behavior is detected.">profiles</UnderlineTooltip>. | ||
|
|
||
| What makes CrowdSec unique is its <UnderlineTooltip tooltip="Users who detect malicious behavior share anonymized signals with the wider network, helping others preemptively block emerging threats.">collaborative threat intelligence</UnderlineTooltip> system, where each protected system contributes to a [community blocklist](/docs/next/central_api/community_blocklist) that helps everyone stay better protected. | ||
|
|
||
| ## What is a Remediation Component? | ||
|
|
||
| Remediation Components are software modules that connect to the <UnderlineTooltip tooltip="The Local API (LAPI) is exposed by the Security Engine and acts as the interface for retrieving and managing decisions.">Local API</UnderlineTooltip> (LAPI) and enforce <UnderlineTooltip tooltip="Decisions are remediation actions such as bans or alerts taken by the Security Engine in response to detected threats.">decisions</UnderlineTooltip> made by the Security Engine. | ||
LaurenceJJones marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
|
|
||
| These components can operate independently, such as the [Firewall Remediation](bouncers/firewall.mdx), which integrates with <UnderlineTooltip tooltip="A widely used packet filtering and firewall system for Linux.">iptables</UnderlineTooltip>, <UnderlineTooltip tooltip="The modern replacement for iptables, offering improved performance and a more consistent syntax.">nftables</UnderlineTooltip>, or <UnderlineTooltip tooltip="The built-in firewall system used on BSD-based systems like FreeBSD, OpenBSD, and macOS.">pf</UnderlineTooltip>. They can also be embedded directly into existing applications, such as [Nginx](bouncers/nginx.mdx), where <UnderlineTooltip tooltip="A lightweight scripting language embedded into software like Nginx to enable custom behavior, including dynamic security enforcement.">Lua</UnderlineTooltip> is used to enforce decisions at runtime. | ||
|
|
||
| This is often referred to as the <UnderlineTooltip tooltip="An Intrusion Prevention System actively blocks or mitigates detected threats, often based on decisions made by an Intrusion Detection System.">Intrusion Prevention System</UnderlineTooltip> (IPS) layer that complements the <UnderlineTooltip tooltip="An Intrusion Detection System monitors logs or traffic to detect and report suspicious or malicious behavior, such as scans, brute-force attempts, or exploits.">Intrusion Detection System</UnderlineTooltip> (IDS) role of the Security Engine. They do not make decisions on their own; instead, they act based on what the Security Engine instructs. | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| We recommend that you understand the following prerequisites before installing CrowdSec: | ||
|
|
||
| ### Hardware | ||
|
|
||
| CrowdSec is a lightweight software that can run on most modern hardware. | ||
|
|
||
| However, the recommendation is at least: | ||
|
|
||
| * platform: | ||
| * amd64 | ||
| * arm64 | ||
| * armhf | ||
| * 1 CPU core | ||
| * 100mb of free RAM | ||
| * 1GB of free disk space | ||
|
|
||
| :::info | ||
| We recommend 1gb of free disk space due to the amount of data that can be stored in the database. | ||
| ::: | ||
|
|
||
| ### Operating System | ||
|
|
||
| We support the following operating systems: | ||
|
|
||
| * [Linux](/getting_started/installation/linux.mdx) | ||
| * [FreeBSD](/getting_started/installation/freebsd.mdx) | ||
| * [Windows](/getting_started/installation/windows.mdx) | ||
| * [MacOS](/getting_started/installation/macos.mdx) (through Docker) | ||
| * [Kubernetes](/getting_started/installation/kubernetes.mdx) | ||
|
|
||
| [See version matrix for detailed breakdown](/docs/next/getting_started/versions_matrix) | ||
|
|
||
| ### Ports | ||
|
|
||
| CrowdSec Security Engine uses the following default ports these can be altered after installation: | ||
|
|
||
| * 6060/tcp: Prometheus metrics port | ||
LaurenceJJones marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| * 8080/tcp: API port | ||
|
|
||
| <div style={{ display: "flex" }}> | ||
| <div style={{ textAlign: "center", flex: "1" }}> | ||
| <img src={useBaseUrl("/img/simplified_SE_underthehood.svg")}></img> | ||
LaurenceJJones marked this conversation as resolved.
Outdated
Show resolved
Hide resolved
|
||
| </div> | ||
| </div> | ||
|
|
||
|
|
||
|
|
||
58 changes: 0 additions & 58 deletions
58
crowdsec-docs/unversioned/getting_started/prerequisites.mdx
This file was deleted.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.