![]() ![]() C:\ProgramData\CrowdSec\config: Contains all the configuration files.C:\Program Files\CrowdSec: Contains the crowdsec.exe and cscli.exe executables.Windows Firewall: Network scan detection.We currently support the following Windows services: The default configuration will catch brute force attacks against RDP and SMB or any kind of remote authentication that uses Windows authentification. If you want to be able to detect something other than RDP or SMB bruteforce, then you will need to customize your acquisition configuration. The service will start at boot time.Ĭontrary to Linux, the Security Engine does not yet support the automatic configuration at installation time. Installation of the Windows Service for Security Engine.Registering your Security Engine with our Central API.This includes the basic parser for the windows event log, a scenario to detect login brute force and the MMDB files to perform geo-ip enrichment. The MSI file will perform some basic setup: You can download the MSI file from the latest github release.īefore installing the package, you might want to check the ports that the security engine will use.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |