Hello everyone,
We’ve just released an alpha version of our Windows port!
This version is based on CrowdSec 1.3.0, with a few minor bug fixes and changes on top.
It comes with a few Windows-specific collections:
- RDP/SMB bruteforce detection
- IIS logs parser
- SQL Server bruteforce detection
- Windows Firewall port scan detection
Of course, existing collections should work the same as on Linux (e.g., installing the nginx collection will allow CrowdSec to parse nginx logs on Windows).
We also released (in alpha as well) a bouncer for the Windows Firewall.
This bouncer interacts with the Windows Firewall to drop IPs blocked by CrowdSec.
While we tested everything and did not find any major issues, we are eager to hear your feedback!
If you find any bugs or encounter any issues, please report them in the #windows Discord channel.
Same thing if you have ideas on new parsers/scenarios for Windows-specific services, we’d love to hear from you.
You can find the documentation on how to get started with both the agent and the bouncer here: Install CrowdSec (Windows) | CrowdSec
As this is an alpha release, the installers are not available on GitHub; you need to download them from here: https://alpha-packages.crowdsec.net/