Skip to main content
Version: Next

Global overview

Log Processor (LP)

The Log Processor is in charge of the detection of bad behaviors, based on your logs or your HTTP trafic.

The Log Processor (abreviated as LP) detects bad behaviors via two main functions:

Alerts resulting from Scenarios or Appsec Rules being triggered are sent to the LAPI.

Local API (LAPI)

The Local API is the middleman between the Log Processors, the Remediation Components and the Central API.

The Local API (abreviated as LAPI) has several functions:

  • Receive alerts from Log Processors and create Decisions based on configured Profiles
  • Expose Decisions to Remediation Components
  • Interact with the Central API to send Alerts receive Blocklists

Remediation Components (Bouncers)

The Remediation Components (also called Bouncers) are in charge of enforcing decisions.

Remediation Components rely on the Local API to receive decisions about malevolent IPs to be blocked.

Those Decisions can be based on behavioral detection made by the LP or from Blocklists.

Remediations components laverage existing components of your infrastructure to block malevolent IPs where it matters most.

Central API (CAPI)

The Central API (CAPI) in CrowdSec serves as a pivotal component for aggregating and disseminating threat intelligence across its user community.

The Central API (abreviated as CAPI) receives signal from Crowdsec instances and partner networks and will compute them to ultimately create Cyber Threat Intelligence and Blocklists.

Console

The CrowdSec Console is a web-based interface that enhances the functionality of the CrowdSec security engine.

The Console allows you to:

Security Engine

The Security Engine is a concept that encompasses the Log Processor and the Local API.

The Security Engine is the generic term to describe a Log Processor coupled to a Local API.

CrowdSec ConsoleCrowdSec Console