Server dashboard screen :
Crowdsec integration with IP address reputation :
Suspicious loaded DLL by processes detection :
Final version :
- Loaded DLL by processes detections
V 2.3 :
- Crowdsec IP reputation integration (match ip in TCPIP logs)
- Alerts can be sent by email
- Statistics in server dashboard rely on real data
- Correction of bug that keeps CPU usage over 90%
V 2.1 :
- Client updates detection rules defined in a server XML file automatically
- No more compilation required for new rules creation
V 2.0 :
- Client-server support
- Client agent launched on startup as Windows service
V 1.1 :
- Detect and notify WinRM connections
V 1.0 :
- Detect and notify RDP, SMB and RPC connections
On Windows, ETW (for Event Tracing for Windows) is a mechanism to trace and log events that are raised
by user-mode applications and kernel-mode drivers.
ETWMonitor monitors events in real time to detect suspicious network connections.
- You can download latest compiled version from Release page
Also see installations instructions here : INSTALLATION HOW TO.pdf
No more improvements are planned for the moment.
Desktop version is no more maintained.
Only client-version will be maintained to get faster updates.
You can still add Agent version updates to Desktop version manually if needed.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent