Security Engine No Remediation Component
The Security Engine No Remediation Component issue appears when a Security Engine has no Remediation Component (bouncer) registered against it.
A Security Engine that detects threats but has no Remediation Component attached cannot act on its decisions — attackers are detected but never blocked.
What Triggers This Issue
- Trigger condition: Security Engine has no Remediation Component registered
- Criticality: 💡 Recommended
- Impact: Threats are detected but no remediation action is taken — your infrastructure is not actively protected.
Common Root Causes
- No Remediation Component installed: No bouncer has been installed and registered to this Security Engine.
- Intentional — this Security Engine is detection-only: The absence of a local Remediation Component is deliberate and this alert can be safely ignored.
Diagnosis & Resolution
No Remediation Component installed
🔎 Check registered bouncers
Verify which Remediation Components are currently registered with this Security Engine:
- You can check directly in the console's Security Engine details page
- Or via the following command line:
sudo cscli bouncers list
Run this command for Docker or Kubernetes
Docker
docker exec crowdsec cscli bouncers list
Kubernetes
kubectl exec -n crowdsec -it $(kubectl get pods -n crowdsec -l type=lapi -o name) -- cscli bouncers list
If the list is empty, it confirms that no Remediation Component is registered.
🛠️ Install and/or register a Remediation Component
Choose and install a Remediation Component suited to your infrastructure:
- cs-firewall-bouncer — blocks IPs at the OS firewall level (nftables/iptables)
- cs-nginx-bouncer — blocks at the NGINX web server level
- cs-traefik-bouncer — blocks at the Traefik reverse proxy level
- More options available on the Remediation Components page
A Remediation Component typically auto-registers during installation. Verify registration:
sudo cscli bouncers list
If it doesn't appear after installation, follow the bouncer registration guide. Don't forget to update the credentials in the bouncer config and restart it.
Intentional — this Security Engine is detection-only
If you knowingly have no Remediation Component on this Security Engine, this alert can be ignored. A few common intentional setups:
- Remediation handled by another Security Engine: Your bouncers are registered against a different LAPI in your infrastructure. Decisions from this SE are not automatically enforced there.
- Perimeter protection via a Blocklist Integration: You rely on a BLaaS integration (e.g. a firewall or CDN at the edge) for enforcement and only want this SE for detection and signal sharing. This is a valid architecture.
- Other intentional reason (custom remediation pipeline, testing/staging environment, detection-only node, etc.): You know what you're doing — this alert does not indicate a problem.
Verify Resolution
After registering a Remediation Component:
- Check registration:
sudo cscli bouncers list
The bouncer should appear with a recent Last Pull timestamp.
You'll also see it appear in the console's Security Engine details page.
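The check above can be automated. The following is an added example, not part of the original page or of CrowdSec's own tooling: it reads the output of cscli bouncers list -o json and separates bouncers that pulled recently from ones that are registered but stale or have never pulled. The JSON field names (name, revoked, last_pull), the 5-minute freshness threshold and the sample bouncer names are assumptions; adjust them to your version and pull interval.

```python
import json
import re
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `cscli bouncers list -o json` output.
# Field names (name, revoked, last_pull) are assumptions; check your version.
SAMPLE = """[
  {"name": "cs-firewall-bouncer-1", "revoked": false, "last_pull": "2024-05-01T11:59:30Z"},
  {"name": "cs-nginx-bouncer-1", "revoked": false, "last_pull": "2024-04-20T08:00:00Z"},
  {"name": "never-pulled", "revoked": false, "last_pull": null}
]"""

TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?(Z|[+-]\d\d:\d\d)$")

def parse_ts(value):
    """Parse an RFC 3339 timestamp, dropping fractional seconds; None if absent."""
    m = TS.match(value or "")
    if not m:
        return None
    offset = "+00:00" if m.group(2) == "Z" else m.group(2)
    return datetime.fromisoformat(m.group(1) + offset)

def classify(raw_json, now, max_age=timedelta(minutes=5)):
    """Sort bouncers into active / stale / never_pulled / revoked by name."""
    report = {"active": [], "stale": [], "never_pulled": [], "revoked": []}
    for b in json.loads(raw_json) or []:  # tolerate "null" for an empty list
        name = b.get("name", "<unnamed>")
        pulled = parse_ts(b.get("last_pull"))
        if b.get("revoked"):
            report["revoked"].append(name)
        elif pulled is None:
            report["never_pulled"].append(name)
        elif now - pulled > max_age:
            report["stale"].append(name)
        else:
            report["active"].append(name)
    return report

def has_remediation(report):
    """True only if at least one registered bouncer pulled decisions recently."""
    return bool(report["active"])

if __name__ == "__main__":
    # Usage: sudo cscli bouncers list -o json | python3 check_bouncers.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    report = classify(raw, datetime.now(timezone.utc))
    print(json.dumps(report, indent=2))
    sys.exit(0 if has_remediation(report) else 1)
```

A non-zero exit status means no bouncer is actively pulling decisions, which covers both an empty list and bouncers that are registered but no longer running.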
Related Issues
- Security Engine Offline — If the Security Engine itself is not reporting
- Security Engine No Alerts — If the Security Engine is not generating decisions to enforce
Getting Help
If you need help choosing or installing a Remediation Component:
- Browse the Remediation Components catalog
- Ask on Discord with your infrastructure details
- Check Discourse for setup examples