CrowdSec Security Stack is an open source (MIT license) behavioral intrusion detection and prevention system designed to detect and block malicious IPs across infrastructure and web applications. The stack consists of four main components: - **Security Engine**: Analyzes logs and network requests to identify malicious behaviors and attacks. Runs locally and is GDPR-compliant, as logs never leave the user's infrastructure. Compatible with Linux distributions, Docker images, and Kubernetes Helm charts. - **Remediation Component**: Extends the Security Engine into a full IPS by actively blocking malicious IPs identified by the engine across various platforms. - **AppSec Component**: Transforms the Security Engine into a Web Application Firewall (WAF), protecting web applications from vulnerabilities and forwarding requests to the Remediation Component for enforcement. - **CrowdSec Console**: A centralized management interface providing real-time visualizations of intrusion attempts, threat intelligence analysis, IP reputation metrics, and management of multiple Security Engines. The platform operates on a crowd-sourced threat intelligence model: participating machines contribute behavioral signals (averaging 12M+ per day from 110K+ machines across 190+ countries) to a shared blocklist network. Community features include open source access, custom scenarios, real-time decision management, AWS CloudTrail scenarios, CAPI allow lists, and Kubernetes audit acquisition. Enterprise features add background noise filtering (targeting 80%+ of security alerts from mass exploitation), advanced alert context, and automated decision management.