diff --git a/Using-Security-Tools-with-Paperless-ngx.md b/Using-Security-Tools-with-Paperless-ngx.md
index 4c2261d..876e847 100644
--- a/Using-Security-Tools-with-Paperless-ngx.md
+++ b/Using-Security-Tools-with-Paperless-ngx.md
@@ -1,3 +1,26 @@
+# Crowdsec
+> [Crowdsec](https://www.crowdsec.net/) is a crowdsourced intrusion detection and prevention system (IDS/IPS) that will detect suspicious login activity and ban IP addresses. These bans result from both a) local detection of e.g. brute-force login attempts based on the Paperless-ngx log files and b) the real-time community feed of aggressive IPs (IPs that show malicious activity within the Crowdsec user community, will be added to this list).
+
+1. Install the [Paperless-ngx collection](https://hub.crowdsec.net/author/andreasbrett/collections/paperless-ngx) via Crowdsec's `cscli` tool.
+
+`sudo cscli collections install andreasbrett/paperless-ngx`
+
+2. Point Crowdsec to your Paperless-ngx logfile
+
+Edit `/etc/crowdsec/acquis.yaml` with your preferred text editor and add a section pointing to the location of your Paperless-ngx log. If you have set up Paperless-ngx as a Docker container the log file will reside within the volume you configured. The absolute path for Docker volumes should be `/var/lib/docker/volumes/...`.
+
+```
+---
+filenames:
+    - /var/lib/docker/volumes/paperless_data/_data/log/paperless.log
+labels:
+    type: Paperless-ngx
+```
+
+3. Reload Crowdsec configuration
+
+`sudo systemctl reload crowdsec`
+
 # Fail2ban
 > Fail2ban is a powerful tool for securing your server by monitoring log files for suspicious activity and banning IP addresses that exhibit malicious behavior.