Details page

Introduction

This page presents the information available for a specific Security Engine. It is your one-stop resource for understanding everything related to the Security Engine you're interested in.

Security Engine details page

Usage

Summary

The top of the page shows the essential information about the Security Engine: the IP address, ID, last activity, tags, and the current version. The page notifies you if the Security Engine is not running the latest CrowdSec version. To identify outdated Security Engines, you can also use the Troubleshooting feature.

Quick actions are available from the summary to apply changes to your Security Engine.

Remediation components

A remediation component in CrowdSec applies the decisions made by CrowdSec, the blocklists, or the custom decisions.

Metrics

Starting from version 1.6.3, CrowdSec's remediation components display detailed metrics. These metrics show the number of traffic drops and the volume of traffic processed by each remediation component.

To access a detailed view of these metrics, simply click the Get More Info button on any active remediation component card. This will show you the effectiveness of each decision made by the Security Engine, based on the installed blocklists.

In the same modal, you can view the active decisions. This section provides information about the number of decisions made by each source of decisions.

Inactive remediation components

Remediation components are meant to block attackers. Having an inactive remediation component can compromise the security of your Security Engine, as it cannot apply decisions.

Blocklists

The Blocklists section will display all blocklists associated with the Security Engine. This section will provide information about the blocklist, including the number of IPs, the last update, and the number of false positives.

See the blocklist documentation to install your first one.

Scenarios

To view all scenarios installed on the Security Engine, navigate to the Scenarios section. Each scenario displays the alerts it has triggered and is accessible on the HUB with a single click.

For additional scenarios, visit the CrowdSec HUB.

Info: By clicking on a scenario, you can access essential information about the scenario and be redirected to the corresponding page in the CrowdSec HUB. This provides direct access to the necessary details.

Log Processors

The Log Processors section is displayed only if the Security Engine has multiple log processors, indicating a Distributed Setup. Here, you can access all essential information regarding the log processors and their current version.

Info: A warning will be displayed if any Security Engine has an outdated version.
