diff --git a/blueprints/crowdsec/crowdsec_logo.png b/blueprints/crowdsec/crowdsec_logo.png
new file mode 100644
index 00000000..6b2953da
Binary files /dev/null and b/blueprints/crowdsec/crowdsec_logo.png differ
diff --git a/blueprints/crowdsec/docker-compose.yml b/blueprints/crowdsec/docker-compose.yml
new file mode 100644
index 00000000..ae9ab573
--- /dev/null
+++ b/blueprints/crowdsec/docker-compose.yml
@@ -0,0 +1,31 @@
+# --------------------------------------------------------------------------------
+# note: this is the minimal crowdsec container
+# this compose file prepared to work with two key remediation engines
+# install and configure them via links below:
+# traefik bouncer plugin | https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin
+# firewall bouncer (iptables) | https://docs.crowdsec.net/u/bouncers/firewall/
+# --------------------------------------------------------------------------------
+services:
+ crowdsec:
+ image: crowdsecurity/crowdsec:latest
+ environment:
+ GID: "${GID-1000}"
+ COLLECTIONS: "crowdsecurity/linux crowdsecurity/traefik crowdsecurity/http-cve"
+ volumes:
+ - ../files/acquis.yaml:/etc/crowdsec/acquis.yaml # https://docs.crowdsec.net/u/getting_started/post_installation/acquisition_new/
+ - crowdsec-db:/var/lib/crowdsec/data/
+ - crowdsec-config:/etc/crowdsec/
+ - /etc/dokploy/traefik/dynamic/access.log:/var/log/traefik/access.log:ro # make sure access log is enabled in dokploy
+ - ${AUTH_LOG_PATH}:/var/log/ssh/auth.log:ro
+ # - /var/log/fail2ban.log:/var/log/fail2ban/fail2ban.log:ro # uncomment if you have fail2ban installed on the system
+ security_opt:
+ - no-new-privileges:true
+ # uncomment these two lines if you intent to use firewall bouncer installed natively on the host
+ # ports:
+ # - "127.0.0.1:8080:8080" # local binding only, necessary for firewall-iptables-bouncer to connect to container's lapi
+ labels:
+ - traefik.enable=false
+ restart: unless-stopped
+volumes:
+ crowdsec-db:
+ crowdsec-config:
\ No newline at end of file
diff --git a/blueprints/crowdsec/template.toml b/blueprints/crowdsec/template.toml
new file mode 100644
index 00000000..65b8dbd1
--- /dev/null
+++ b/blueprints/crowdsec/template.toml
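Review bot: `image: crowdsecurity/crowdsec:latest` in blueprints/crowdsec/docker-compose.yml leaves the detection engine on a floating tag, so each redeploy can pull a different, unreviewed build into a container that reads the host's auth and Traefik access logs. Pin a release tag, ideally with a digest, for example `image: crowdsecurity/crowdsec:<release-tag>@sha256:<digest>` (placeholders), and record the same value in the `"version": "latest"` field of the meta.json entry. Separately, the bind mounts of `${AUTH_LOG_PATH}` and `/etc/dokploy/traefik/dynamic/access.log` use the short syntax, with which Docker creates a directory at a host path that does not exist. A comment such as `# both host log files must exist before first start` next to them would prevent a silently empty log source.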
@@ -0,0 +1,9 @@
+[variables]
+auth_log_path = "/var/log/auth.log"
+
+[config]
+mounts = []
+domains = []
+
+[config.env]
+AUTH_LOG_PATH = "${auth_log_path}"
\ No newline at end of file
diff --git a/meta.json b/meta.json
index 370b3ab2..941b6bdc 100644
--- a/meta.json
+++ b/meta.json
@@ -1332,6 +1332,22 @@
 "storage"
 ]
 },
+ {
+ "id": "crowdsec",
+ "name": "Crowdsec",
+ "version": "latest",
+ "description": "CrowdSec provides open source solution for detecting and blocking malicious IPs, safeguarding both infrastructure and application security.",
+ "logo": "crowdsec_logo.png",
+ "links": {
+ "github": "https://github.com/crowdsecurity/crowdsec",
+ "website": "https://crowdsec.net/",
+ "docs": "https://docs.crowdsec.net"
+ },
+ "tags": [
+ "security",
+ "firewall"
+ ]
+ },
 {
 "id": "cyberchef",
 "name": "CyberChef",
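Review bot: `mounts = []` in blueprints/crowdsec/template.toml provisions no file, yet the compose service bind-mounts `../files/acquis.yaml` onto `/etc/crowdsec/acquis.yaml`. Unless that file is created some other way, Docker will create a directory at the missing host path, and CrowdSec would then presumably start without a usable acquisition config, so the mounted Traefik and SSH logs are never parsed and nothing is detected. Ship the acquisition file from the template instead, replacing the empty array with a `[[config.mounts]]` entry as sketched below. This assumes Dokploy writes template mounts under `../files/`, and the label types should be confirmed against the collections listed in `COLLECTIONS`.

```toml
[config]
domains = []

# replaces `mounts = []`
[[config.mounts]]
filePath = "acquis.yaml"
content = """
filenames:
  - /var/log/traefik/access.log
labels:
  type: traefik
---
filenames:
  - /var/log/ssh/auth.log
labels:
  type: syslog
"""

# … unchanged: [config.env] …
```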