Thanks for covering the 1.5. Just one comment here, the blocklist is highly dynamic and filtered by vetted installs of CrowdSec, which passed the 6-month quarantine period and offer enough diversity (AS, ranges, geo, types, scenarios, etc.). So IPs are integrated for as long as enough vetted members are reporting them. When this "pressure" goes down, the IP is free and released from the blocklist. For us, adding an IP is as important as removing one when it's cleared by its legitimate owner. That's how (among other mechanisms) we avoid false positives.
Thanks for the great video regarding the subject matter contained herein. This video contained a lot of content about the topic it covered. I enjoyed learning about what you have taught to me.
Does the CrowdSec blocklist work if the website is using Cloudflare proxy? If it cannot, then does it mean an IP can attack the website as many times as it wants without any detection, or will CrowdSec read the access log file and try to ban them again? As far as I know, for WordPress websites we can use the CrowdSec plugin to ban IPs even when using Cloudflare proxy, but how about other websites on the same server? Let's say Nextcloud. Any suggestions would be helpful. Thanks
I'm curious about that auditd engine too - reactive/responsive system daemons and tools can move you from constant monitoring to exception management (with occasional inspection of services and system resources). I can see a future where some of these behaviours are logged and an AI engine looks for weird behaviour - I know there are more nefarious versions of this concept (a major US TV network has installed one to monitor employee speech in their network for non-woke speech) but for system management and misadventure (or even accidents/errors) this could prove invaluable.
Great timing, I have a stickynote stuck to my monitor at work "Install Crowdsec?".
Also, where do I get that shirt?
Great video my dude
Post exploitation behavior detection is a game changer
Love the t-shirt!
that's absolutely the point :)
Awesome Video~!!
That’s an awesome shirt 🎉
Cool shirt. Good video
great video!
nice video
I want that shirt