SRINILREDDY/crowdsec-threat-detection-aws


# CrowdSec Threat Detection on AWS EC2

## Project Overview

This project demonstrates how to use CrowdSec on an AWS EC2 instance to detect and block suspicious SSH login attempts automatically.

The setup was deployed on Amazon Linux 2023 running on AWS EC2.

## Technologies Used

- AWS EC2
- Amazon Linux 2023
- CrowdSec
- Linux Commands
- SSH Security Monitoring

## Features

- Installed CrowdSec on AWS EC2
- Monitored SSH brute-force attempts
- Generated security alerts
- Automatically banned suspicious IP addresses
- Verified CrowdSec service status
- Used Linux system monitoring commands

## What CrowdSec Detects

CrowdSec analyzes system logs and detects suspicious activities such as:

- SSH brute-force attacks
- Multiple failed login attempts
- Malicious IP activity
- Automated bot attacks
- Unauthorized access attempts

When suspicious behavior is detected, CrowdSec can automatically ban the attacking IP address.

## Detection Result

During testing, CrowdSec detected suspicious SSH activity and generated alerts automatically.

The malicious IP address was added to the decision list and blocked successfully.
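
To make the "multiple failed login attempts lead to a ban" flow above concrete, here is a simplified per-IP leaky-bucket detector run over syslog-style sshd lines. It is an added illustration, not CrowdSec's code or this project's; the log lines, the year used for parsing, and the `capacity` and `leak_seconds` values are constructed assumptions.

```python
import re
from datetime import datetime

HOST = "ip-10-0-0-5"  # constructed hostname
# Constructed sample log (documentation-range IPs): a fast burst, then slow retries.
SAMPLE_LOG = [
    f"May 10 10:00:0{s} {HOST} sshd[2101]: Failed password for invalid user admin "
    f"from 203.0.113.7 port 40022 ssh2" for s in range(1, 7)
] + [
    f"May 10 10:0{m}:00 {HOST} sshd[2150]: Failed password for ec2-user "
    f"from 198.51.100.20 port 51514 ssh2" for m in range(1, 4)
] + [f"May 10 10:03:05 {HOST} sshd[2150]: Accepted publickey for ec2-user "
     f"from 198.51.100.20 port 51514 ssh2"]

# Matches failed-authentication lines and captures the timestamp and source IP.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Failed password for (?:invalid user )?\S+|Invalid user \S+) from (\S+)")

def detect(lines, capacity=5, leak_seconds=10.0):
    """Return {ip: time the bucket overflowed}, one leaky bucket per source IP.

    Each failure adds 1 to the bucket; the bucket drains by 1 every
    leak_seconds. An IP is flagged when its level exceeds capacity.
    """
    buckets, banned = {}, {}  # ip -> (level, last_seen); ip -> overflow time
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # Syslog timestamps carry no year; a fixed one is assumed for parsing.
        ts = datetime.strptime("2024 " + m.group(1), "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in banned:
            continue  # already has a decision; nothing more to count
        level, last = buckets.get(ip, (0.0, ts))
        drained = (ts - last).total_seconds() / leak_seconds
        level = max(0.0, level - drained) + 1
        if level > capacity:
            banned[ip] = ts
            buckets.pop(ip, None)
        else:
            buckets[ip] = (level, ts)
    return banned

if __name__ == "__main__":
    for ip, when in detect(SAMPLE_LOG).items():
        print(f"ban {ip} (bucket overflowed at {when:%H:%M:%S})")
```

The burst from one address overflows its bucket on the sixth failure, while the address that fails three times a minute apart and then logs in successfully is never flagged because its bucket drains between attempts.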