CrowdSec

Stop Switching Between Tools. Start Protecting Everything.

IOC detection, WAF rules, and threat intelligence. One platform with infinite possibilities

Highly Curated Blocklists

World leading crowd-sourced perimeter protection that updates faster than threats can evolve.

Community

Get started with essential protection

Free
  • 3 Free-tier Blocklists
    Popular third party & community lists
  • Daily Updates
    Fresh threat data every 24 hours
  • Community Support
    Access to our community forum

Enterprise

Protection for growing businesses

Pay as you grow
  • CrowdSec Blocklists
    Protect from Botnets & CVE attackers
  • Real-Time Updates
    Get lightning-fast updates every hour
  • Customize Blocklists
    Create and Distribute via API
+

Everything in Community

Advanced

Proactive defense and noise canceling

Custom
  • Advanced Targeted Blocklists
    Industry and Behavior specific IOCs
  • Personalized Integration
    Sophos,PaloAlto, Fortinet and more
  • Dedicated Success Manager
    Named contact for strategic guidance
+

Everything from Enterprise and Community

Complete Feature Comparison

Everything you need to make the right decision for your security needs

Feature
Community
Enterprise
Advanced
3
Unlimited
Unlimited
Access community-maintained and third-party blocklists for basic protection. Updated daily with contributions from the global CrowdSec network.
Unlimited
Unlimited
Access curated threat lists targeting specific attack types: CMS attackers, top aggressors, botnets, and CVE exploiters.
Manually manage your block and allow lists through the console. Provides granular control over your security policies.
Programmatically manage your block and allow lists via REST API. Facilitates integration with your custom security workflows for automated threat response.
Share your custom blocklists across multiple organizations or with partners. Perfect for MSPs managing multi-tenant environments or enterprises with subsidiary networks.
Access the complete platinum blocklists catalog including specialized threat feeds. Includes all industry-specific, behavior-based, and actor-type classifications.
Target attackers focusing on your sector: Banking, Healthcare, Hosting, Retail, IT Services, Education, or Public Sector. Blocks threats before they reach industry-specific apps.
Custom-crafted blocklists designed for your unique threat landscape and infrastructure. CrowdSec analyzes your attack patterns to build personalized protection profiles.
Specify the output format for your Blocklist as a Service endpoints, allowing for integration with various security tools and workflows.

Feature
Community
Enterprise
Advanced
Automatically receive new WAF AppSec rules, scenarios and parsers from the CrowdSec Hub as new attack patterns emerge. Protects against latest CVEs and techniques without manual intervention.
Track how many threats you've blocked, where they originated, and which remediation components are active. Provides visibility into your security posture and ROI.
View all security incidents across your infrastructure in one unified console. Aggregates alerts from distributed security engines for streamlined incident response.
Additional data precising the scope of the attack: path, user agent, referrer, and more. Helping you identify the attack's impact and origin.
30/week
100/week
Custom
Browse attackers reputation details: IP reputation, attack classification, MITRE ATT&CK techniques, CVE references, and geographic data. Reduces investigation time from hours to minutes.
Export alert data for compliance reporting, long-term analysis, or integration with external BI tools. Supports audit trails and regulatory requirements.
Lite
Full
Full
Leverage the power of the CrowdSec community to enhance your security posture. Benefit from collective intelligence and shared threat insights.
Store up to 1 year of incident history (vs 2 months for Community) enabling long-term trend analysis, pattern recognition, and compliance with data retention policies.
Machine learning-generated blocklist predicting which IPs will become malicious based on your organization's signals. Provides proactive protection before attacks materialize.
Centrally manage allow lists and block lists across all security engines from the console. Apply global override rules to prevent false positives or enforce custom policies.
Synchronizes security decisions across your entire organization (Security Engine and BLaaS endpoints), ensuring consistent threat protection everywhere.
Automatically suppress known benign patterns and reduce duplicate alerts. Leverages background noise detection to highlight only actionable security events.
Receive alerts when security engines go offline, become outdated, or experience configuration issues. Prevents gaps in coverage from unmonitored infrastructure changes.
Get alerted when attack volume surges beyond normal baselines, indicating potential targeted campaigns or coordinated attacks. Enables rapid incident escalation.
Automatically enroll new security engines into your organization as they're deployed. Streamlines infrastructure scaling without manual console configuration.
from $29/slot
Custom
Deploy security engines beyond your plan's base allocation.
Receive tailored deployment guidance, architecture review, and best practices consultation from CrowdSec engineers. Accelerates time-to-value and ensures optimal configuration.
CrowdSec experts develop custom detection scenarios and appSec rules for your unique applications, proprietary protocols, or industry-specific threats. Extends protection beyond pre-built Hub content.

Feature
Community
Enterprise
Advanced
30/week
100/week
Custom
Look up any IP address to see its attack history, behaviors, reputation score, and classifications. Accelerates threat investigation and incident response.
30/week
100/week
Search IPs by attack behavior: brute force, exploitation, scanning, DDoS, malware, etc. Uses CrowdSec's taxonomy to categorize threats and understand attacker motivations.
Browse 400+ CVEs actively exploited in the wild with real-world data from CrowdSec's network. Prioritize patching based on actual exploitation, not just CVSS scores.
10/day
30/day
Custom
Programmatic access to CrowdSec threat intelligence for SIEM/SOAR/TIPS integration. Returns 32+ enrichment criteria per IP.
From €200/2k
Custom
Purchase additional CTI API keys with separate quotas. Enables high-volume use cases like SIEM enrichment or multi-tenant MSSP deployments.
Sync CrowdSec CTI data to on-premises storage for air-gapped environments, regulatory compliance, or low-latency lookups. Maintains local cache of threat intelligence.
Embed CrowdSec security data into your products and services for commercial resale. Join the Partnership Program for specialized pricing and licensing.

Feature
Community
Enterprise
Advanced
Manage multiple organizations from a single account, each with isolated security engines, users, and configurations. Essential for MSPs and enterprises with business units.
3 seats
10 seats
Invite team members with role-based access to your CrowdSec organization. Share security visibility across SOC analysts, DevOps, and management without sharing credentials.
$5/seat
Custom
Invite more team members.
Ticket Support
1-open-day response
Community: Forum support. Premium: 5-day SLA via ticketing. Enterprise: 1-day SLA with priority escalation. Custom packages available for emergency bug fixes.

Our community loves us

Hear from our satisfied customers

« The numbers speaks for themselves. 11M attempts blocked by Palo Alto. 66M attempts block by CrowdSec with zero false positive. »
Nicolas Lung
Head of Operation at Trinaps
« We blocked 6 million attacks in just 2 hours after deploying CrowdSec. The results were even better than we expected. This is preemptive security at its best. »
Andreas Brogren
Principal Cyber Security Engineer at Region Östergötland
« CrowdSec helped us block approximately 95% of malicious bot traffic, significantly reducing the load on our servers and ensuring better performance for legitimate users." »
Kamil Czujowski
Performance and Application Engineer at ScaleCommerce
« In just one month, CrowdSec blocked 40,000+ malicious attempts at our firewall, eliminating noise and freeing our IT team from manual log analysis. For a global logistics company like ours, that’s 40,000 fewer risks to customer data, shipment systems, and operational continuity »
Michael Mierwinski
CFO and CIO at Mid America Overseas
« CrowdSec was also implemented on the group’s web front-ends, where it delivered immediate, visible results. The collaborative nature of the solution, coupled with high-quality, controlled data, has proven to be a game-changer for our security posture. »
Daniel Sendas
System and Network Administrator at Le Monde
« The numbers speaks for themselves. 11M attempts blocked by Palo Alto. 66M attempts block by CrowdSec with zero false positive. »
Nicolas Lung
Head of Operation at Trinaps
« We blocked 6 million attacks in just 2 hours after deploying CrowdSec. The results were even better than we expected. This is preemptive security at its best. »
Andreas Brogren
Principal Cyber Security Engineer at Region Östergötland
« CrowdSec helped us block approximately 95% of malicious bot traffic, significantly reducing the load on our servers and ensuring better performance for legitimate users." »
Kamil Czujowski
Performance and Application Engineer at ScaleCommerce
« In just one month, CrowdSec blocked 40,000+ malicious attempts at our firewall, eliminating noise and freeing our IT team from manual log analysis. For a global logistics company like ours, that’s 40,000 fewer risks to customer data, shipment systems, and operational continuity »
Michael Mierwinski
CFO and CIO at Mid America Overseas
« CrowdSec was also implemented on the group’s web front-ends, where it delivered immediate, visible results. The collaborative nature of the solution, coupled with high-quality, controlled data, has proven to be a game-changer for our security posture. »
Daniel Sendas
System and Network Administrator at Le Monde

Frequently Asked Questions

Find answers to common questions about our pricing and plans

Pricing - CrowdSec Console