Crowdsec Windows support is in alpha!

Hello everyone,

We’ve just released an alpha version of our Windows port!

This version is based on crowdsec 1.3.0, with a few minor bug fixes and changes on top.

It comes with a few Windows-specific collections:

  • RDP/SMB bruteforce detection
  • IIS logs parser
  • SQL Server bruteforce detection
  • Windows Firewall port scan detection

Of course, existing collections should work the same as on Linux (e.g., installing the nginx collection will allow crowdsec to parse nginx logs on Windows).

We also released (in alpha as well) a bouncer for the Windows Firewall.

This bouncer interacts with the Windows Firewall to drop IPs blocked by Crowdsec.

While we tested everything and did not find any major issues, we are eager to hear your feedback!

If you find any bugs or encounter any issues, please report them in the #windows discord channel.

Same thing if you have ideas for new parsers/scenarios for Windows-specific services, we’d love to hear from you.

You can find the documentation on how to get started with both the agent and the bouncer here: Install CrowdSec (Windows) | CrowdSec

As this is an alpha release, the installers are not available on GitHub; you need to download them from here: https://alpha-packages.crowdsec.net/

3 Likes
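To make concrete what the Windows Firewall bouncer announced above has to do, here is an added PowerShell illustration (not the cs-windows-firewall-bouncer's own code, which may well implement it differently): it keeps one inbound block rule in sync with a list of banned IPs. The rule name and the sample addresses are assumptions; it needs an elevated session.

```powershell
# Added illustration (not the CrowdSec bouncer's code): maintain a single
# inbound Windows Firewall block rule whose RemoteAddress list mirrors the
# current set of banned IPs, as a remediation component ("bouncer") would.
# The rule name below is an assumption, not one the project uses.
$RuleName = 'CrowdSec-Block-Example'

function Sync-BlockRule {
    param([string[]]$BannedIps)

    # Create the rule once, disabled, so it exists even before any ban arrives.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
            -Action Block -Profile Any -Enabled False | Out-Null
    }

    # Windows Firewall rejects an empty RemoteAddress list, so with nothing
    # left to block we disable the rule instead of leaving a stale address set.
    if ($BannedIps.Count -eq 0) {
        Set-NetFirewallRule -DisplayName $RuleName -Enabled False
        return
    }

    # Replace the whole address set in one call rather than adding one rule per
    # IP: one rule with many addresses is cheaper to evaluate and easy to audit.
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $BannedIps -Enabled True
}

# Constructed sample decisions (documentation-range addresses, not real attackers).
$decisions = @('192.0.2.10', '198.51.100.0/24', '203.0.113.7')
Sync-BlockRule -BannedIps $decisions

# Verify what is now enforced: the address filter attached to the rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object -ExpandProperty RemoteAddress
```

Re-running Sync-BlockRule with an updated list (including an empty one) is enough to reflect expired or new decisions; no rules accumulate.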

God knows what you have put into these installers. I mean I would be extremely cautious when testing these on production.

The code for crowdsec is available here if you want to review it: https://github.com/crowdsecurity/crowdsec/tree/windows (it will be merged into the master branch when we feel it’s ready), or here for the Windows Firewall bouncer: GitHub - crowdsecurity/cs-windows-firewall-bouncer at mvp (same thing, it will be merged when we are confident enough for an actual first release).

If you do not trust installers distributed from our website, you can either build them yourself or get them from the CI artifacts after inspecting the build process.

1 Like

@blotus most definitely I’ll build the binary from source