Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

improve community blocklists doc #664

Merged
merged 4 commits into from
Nov 8, 2024
Merged

improve community blocklists doc #664

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0687ce1
WIP : improve community blocklist doc
buixor Nov 5, 2024
8f3762b
Merge branch 'main' into improve_community_blocklist
LaurenceJJones Nov 5, 2024
67ee78b
up
buixor Nov 6, 2024
fa77b99
phrasing
buixor Nov 8, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions crowdsec-docs/docs/central_api/blocklist.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
---
id: community_blocklist
title: Community Blocklist
sidebar_position: 3
---

# Introduction

The "Community Blocklist" is a curated list of IP addresses identified as malicious by CrowdSec. CrowdSec proactively block the IP addresses of this blocklist, preventing malevolent IPs from reaching your systems.


# Community Blocklist Variation and Eligibility

The rules are different for free and paying users:
- Free users that **do not** contribute get the `Community Blocklist (Lite)`
- Free users that **do** contribute get access to the `Community Blocklist`
- Paying users get access to the `Community Blocklist (Premium)`, even if they don't contribute

Regardless of the blocklist "tier" you have access to (`Lite`, `Community`, `Premium`), each Security Engine gets a tailored blocklist based on the kind of behavior you're trying to detect.

# Community Blocklist

Free users that are actively contributing to the network (sending signal on a regular basis) have their Security Engines automatically subscribed to the *Community Blocklist*.

The content of the blocklist is unique to each Security Engine, as it mirrors the behaviours they report. For example, suppose you're running the Security Engine on a web server with WordPress. In that case, you will receive IPs performing generic attacks against web servers *and* IPs engaging in wordpress-specific attacks.

The *Community Blocklist* contains 15 thousand malicious IP's based on your reported scenarios.

# Community Blocklist (Premium)

Paying users' Security Engine are automatically subscribed to the *Community Blocklist (Premium)*, which contains IPs that mirror their installed scenarios.
Paying users' do not need to contribute to the network to be eligible to the blocklist.

The *Community Blocklist (Premium)* blocklist content has no size limit, unlike free users.

# Community Blocklist (Lite)

Free users that are not actively contributing to the network or that have been flagged as cheating/abusing the system will receive the *Community Blocklist (Lite)*.

This Blocklist is capped at 3 thousand IPs.
1 change: 1 addition & 0 deletions crowdsec-docs/sidebars.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,7 @@
id: "central_api/intro",
},
items: [
"central_api/community_blocklist",
{
type: "link",
label: "Swagger",
Expand Down