CrowdSec is a participative, free, and open-source IPS.
It detects unwanted behaviors in applications & systems logs and enforces remediation at the appropriate place (firewall, Rproxy, application, etc.). The remediation can be of any sort (MFA, Captcha, Drop, …).
The primary strength of the product comes from its user network, where machines automatically share aggressive IP addresses that attack them. Combining both the behavior engine and this highly distributed threat protection system helps clients to form a global defense shield.