---
description: Review of Crowdsec Software: system overview, features, price and cost information. Get free demos and compare to similar programs on Software Advice New Zealand.
image: https://gdm-localsites-assets-gfprod.imgix.net/images/software_advice/og_logo-55146305bbe7b450bea05c18e9be9c9a.png
title: Crowdsec | Reviews, Pricing & Demos - SoftwareAdvice NZ
---

Breadcrumb: [Home](/) > [Computer Security Software](/directory/4528/security/software) > [Crowdsec](/software/267630/crowdsec)

# Crowdsec

Canonical: https://www.softwareadvice.co.nz/software/267630/crowdsec

> CrowdSec aims to provide a crowd-sourced approach to common infrastructure defense problems. It does so by distributing free \& open-source software allowing users to protect themselves and share information about malevolent actors within its user network.

This platform uses a decoupled approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML \& Grok patterns to identify aggressive behaviors. It acquires signals from various data sources like logs or cloud trails, Kafka, etc., normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution, and resource conservative.

CrowdSec captures all aggression signals (timestamp, IP, behavior) and sends them for curation. That way, it establishes a reliable IP blacklist that is constantly redistributed to the network members in order to achieve a form of digital herd Immunity. An IP caught aggressing WordPress sites will quickly be banned by all members using CrowdSec that subscribed to the WordPress defense collection.

While CrowdSec is in charge of the detection, the reaction is performed by “bouncers” that aim to be deployable at any level of the applicative / infrastructure stack:
- via Nftables/Iptables/Pf based on an IP set 
- via Nginx LUA scripting
- via WordPress plugin
Or GCP/AWS/Azure firewall, slack or scripting, notifications, etc.

Bouncers can enforce several types of remediation such as blocking, sending a captcha, notifying, lower rights, speed, send a 2FA request, etc. Chained leaky buckets can help sort opportunistic attacks from targeted ones. 

This approach, combined with a declarative configuration and a stateless behavior, makes it an efficient tool to enhance the security of modern stacks (containers, k8s, serverless and more generally automatically deployed infrastructures).

Whenever an attack is locally blocked/detected by Crowd watch, the “meta” information of the attack is shared amongst participants (source IP, date, and triggered scenario) for redistribution to network members.

Some other notable features include:
- a public hub to find, share and amend parsers, scenarios, and blockers
- permissive open-source license (MIT) to stay business-friendly
- Communication channels to interact with each other
> 
> Verdict: Rated \*\*\*\* by 0 users. Top-rated for **Overall Quality**.

-----

## About the vendor

- **Company**: Crowdsec

## Commercial Context

- **Pricing model**: Per User (Free version available) (Free Trial)
- **Pricing Details**: Access to our solution is free of charge.
- **Target Audience**: 11–50
- **Deployment & Platforms**: Cloud, SaaS, Web-based, Linux (Desktop), Linux (On-Premise)
- **Supported Languages**: Arabic, English, French, Russian, Spanish
- **Available Countries**: China, France, Germany, Japan, Russia, Spain, United Kingdom, United States

## Features

- AI/Machine Learning
- Behavioural Analytics
- Data Security
- Data Visualisation
- Endpoint Protection Software
- Firewalls
- Intrusion Detection System
- Network Security Software
- Real-Time Data
- Real-Time Monitoring
- Real-Time Reporting
- Risk Alerts
- Threat Intelligence
- Whitelisting/Blacklisting

## Support Options

- Email/Help Desk
- FAQs/Forum
- Phone Support
- 24/7 (Live rep)
- Chat

## Category

- [Computer Security Software](https://www.softwareadvice.co.nz/directory/4528/security/software)

## Related Categories

- [Computer Security Software](https://www.softwareadvice.co.nz/directory/4528/security/software)
- [Network Security Software](https://www.softwareadvice.co.nz/directory/4170/network-security/software)
- [Threat Intelligence Platforms](https://www.softwareadvice.co.nz/directory/3995/threat-intelligence/software)
- [Cybersecurity Software](https://www.softwareadvice.co.nz/directory/4643/cybersecurity/software)
- [Cloud Security Software](https://www.softwareadvice.co.nz/directory/4329/cloud-security/software)

## Alternatives

1. [SpamTitan](https://www.softwareadvice.co.nz/software/243039/spamtitan) — 4.6/5 (563 reviews)
2. [Cloudflare](https://www.softwareadvice.co.nz/software/129886/cloudflare) — 4.7/5 (515 reviews)
3. [SentinelOne](https://www.softwareadvice.co.nz/software/363019/sentinelone) — 4.8/5 (109 reviews)
4. [Splunk Enterprise](https://www.softwareadvice.co.nz/software/234262/splunk-enterprise) — 4.6/5 (259 reviews)
5. [ESET Endpoint Security](https://www.softwareadvice.co.nz/software/134149/eset-endpoint-security) — 4.7/5 (1169 reviews)

## Links

- [View on SoftwareAdvice](https://www.softwareadvice.co.nz/software/267630/crowdsec)

## This page is available in the following languages

| Locale | URL |
| en | <https://www.softwareadvice.com/security/crowdsec-profile/> |
| en-AU | <https://www.softwareadvice.com.au/software/267630/crowdsec> |
| en-GB | <https://www.softwareadvice.co.uk/software/267630/crowdsec> |
| en-IE | <https://www.softwareadvice.ie/software/267630/crowdsec> |
| en-NZ | <https://www.softwareadvice.co.nz/software/267630/crowdsec> |

-----

## Structured Data

<script type="application/ld+json">
  {"@context":"https://schema.org","@graph":[{"name":null,"address":{"@type":"PostalAddress","addressLocality":null,"addressRegion":null,"postalCode":null,"streetAddress":null},"description":"Software Advice helps businesses in New Zealand find the best software. Compare software options and learn more from our research and user reviews.","email":"info@softwareadvice.co.nz","url":"https://www.softwareadvice.co.nz/","logo":"https://dm-localsites-assets-prod.imgix.net/images/software_advice/logo-white-d2cfd05bdd863947d19a4d1b9567dde8.svg","@id":"https://www.softwareadvice.co.nz/#organization","@type":"Organization","parentOrganization":"Gartner, Inc.","sameAs":[]},{"name":"Crowdsec","description":"CrowdSec aims to provide a crowd-sourced approach to common infrastructure defense problems. It does so by distributing free &amp; open-source software allowing users to protect themselves and share information about malevolent actors within its user network.\n\nThis platform uses a decoupled approach (detect here, remedy there) and an inference engine that leverages leaky buckets, YAML &amp; Grok patterns to identify aggressive behaviors. It acquires signals from various data sources like logs or cloud trails, Kafka, etc., normalizes them, enriches them to apply heuristics and triggers a bouncer to deal with the threat, if need be. Since it’s written in Go, it’s compatible with almost any environment, fast in execution, and resource conservative.\n\nCrowdSec captures all aggression signals (timestamp, IP, behavior) and sends them for curation. That way, it establishes a reliable IP blacklist that is constantly redistributed to the network members in order to achieve a form of digital herd Immunity. An IP caught aggressing WordPress sites will quickly be banned by all members using CrowdSec that subscribed to the WordPress defense collection.\n\nWhile CrowdSec is in charge of the detection, the reaction is performed by “bouncers” that aim to be deployable at any level of the applicative / infrastructure stack:\n- via Nftables/Iptables/Pf based on an IP set \n- via Nginx LUA scripting\n- via WordPress plugin\nOr GCP/AWS/Azure firewall, slack or scripting, notifications, etc.\n\nBouncers can enforce several types of remediation such as blocking, sending a captcha, notifying, lower rights, speed, send a 2FA request, etc. Chained leaky buckets can help sort opportunistic attacks from targeted ones. \n\nThis approach, combined with a declarative configuration and a stateless behavior, makes it an efficient tool to enhance the security of modern stacks (containers, k8s, serverless and more generally automatically deployed infrastructures).\n\nWhenever an attack is locally blocked/detected by Crowd watch, the “meta” information of the attack is shared amongst participants (source IP, date, and triggered scenario) for redistribution to network members.\n\nSome other notable features include:\n- a public hub to find, share and amend parsers, scenarios, and blockers\n- permissive open-source license (MIT) to stay business-friendly\n- Communication channels to interact with each other","image":"https://gdm-catalog-fmapi-prod.imgix.net/ProductScreenshot/cab5c098-0bde-444f-8f05-b59901d0eadf.png","url":"https://www.softwareadvice.co.nz/software/267630/crowdsec","@id":"https://www.softwareadvice.co.nz/software/267630/crowdsec#software","@type":"SoftwareApplication","applicationCategory":"BusinessApplication","publisher":{"@id":"https://www.softwareadvice.co.nz/#organization"},"operatingSystem":"Cloud, Linux, Linux on premise"},{"@id":"https://www.softwareadvice.co.nz/software/267630/crowdsec#breadcrumblist","@type":"BreadcrumbList","itemListElement":[{"name":"Home","position":1,"item":"/","@type":"ListItem"},{"name":"Computer Security Software","position":2,"item":"/directory/4528/security/software","@type":"ListItem"},{"name":"Crowdsec","position":3,"item":"/software/267630/crowdsec","@type":"ListItem"}]}]}
</script>