Hello,
I need some confirmations.
Is it useful to install CrowdSec on Samba AD or Proxmox servers?
Is it possible to use Enterprise plans or equivalent functionalities with an on-premise console?
I only tried the cloud console to test the solution. Is it also possible to use the Hub as the cloud console?
The root question: is CrowdSec designed to protect internal servers? I have doubts about that.
It wasn't originally designed with that aspect in mind, as the idea was to share signals based on exposed workloads. However, you can protect internal servers by removing the default installed whitelist; this will allow alerts to be generated against them. However, I would opt for caution and place a profile in front of the default to just alert on these, for example:
```yaml
name: internal_alert
debug: false
filters:
  - IpInRange(Alert.GetValue(), '192.168.1.0/24') ## your internal range here
notifications:
  - email_internal ## Example internal alert notification.
on_success: break
---
name: default_ip_remediation
#debug: true
filters:
  - Alert.Remediation == true && Alert.GetScope() == "Ip"
decisions:
  - type: ban
    duration: 4h
#duration_expr: Sprintf('%dh', (GetDecisionsCount(Alert.GetValue()) + 1) * 4)
# notifications:
#   - slack_default  # Set the webhook in /etc/crowdsec/notifications/slack.yaml before enabling this.
#   - splunk_default # Set the splunk url and token in /etc/crowdsec/notifications/splunk.yaml before enabling this.
#   - http_default   # Set the required http parameters in /etc/crowdsec/notifications/http.yaml before enabling this.
#   - email_default  # Set the required email parameters in /etc/crowdsec/notifications/email.yaml before enabling this.
on_success: break
```
Is it possible to use Enterprise plans or equivalent functionalities with an on premise console
Not currently; this is on the roadmap but is very far from being achievable at the moment.
Is it also possible to use the Hub as the cloud console ?
What do you mean by this?
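The ordering that the profile example relies on, modelled in Python as an added example (not part of the original thread and not CrowdSec's own code): profiles are checked top to bottom and `on_success: break` stops at the first match. The names `evaluate` and `ip_in_range` are hypothetical, the alerts are constructed samples, and the model assumes a non-IP value simply fails the range check.

```python
import ipaddress

INTERNAL_RANGE = "192.168.1.0/24"  # same range as the profile in the thread; use your own

def ip_in_range(value, cidr):
    """Rough stand-in for IpInRange(): False when the value is not an IP."""
    try:
        return ipaddress.ip_address(value) in ipaddress.ip_network(cidr)
    except ValueError:
        return False

# Profiles in file order, mirroring the two YAML documents in the thread.
PROFILES = [
    {"name": "internal_alert",
     "filter": lambda a: ip_in_range(a["value"], INTERNAL_RANGE),
     "decisions": [],                       # alert only, no remediation
     "notifications": ["email_internal"],
     "on_success": "break"},
    {"name": "default_ip_remediation",
     "filter": lambda a: a["remediation"] and a["scope"] == "Ip",
     "decisions": [{"type": "ban", "duration": "4h"}],
     "notifications": [],
     "on_success": "break"},
]

def evaluate(alert, profiles=PROFILES):
    """Walk the profiles top to bottom and return what the chain would do."""
    result = {"matched": [], "decisions": [], "notifications": []}
    for p in profiles:
        if not p["filter"](alert):
            continue
        result["matched"].append(p["name"])
        result["decisions"] += p["decisions"]
        result["notifications"] += p["notifications"]
        if p["on_success"] == "break":
            break  # later profiles never see this alert
    return result

# Constructed sample alerts (not real data).
SAMPLES = [
    {"value": "192.168.1.50", "scope": "Ip", "remediation": True},  # inside the range
    {"value": "192.168.2.50", "scope": "Ip", "remediation": True},  # private, outside the /24
    {"value": "203.0.113.7", "scope": "Ip", "remediation": True},   # external
]

if __name__ == "__main__":
    for alert in SAMPLES:
        r = evaluate(alert)
        print(alert["value"], r["matched"], r["decisions"], r["notifications"])
```

The second sample is the case to check for on a real network: a private address outside the configured range falls through to the ban profile, so the filter range has to cover every internal subnet that should only be alerted on.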
Thanks for the reply