Skip to main content

Introduction

Objective

Welcome to the documentation section dedicated to Crowdsec's CTI API. The data you access via this API is fed chiefly by Crowdsec instances worldwide.

Datasets

Crowdsec's CTI API presents two primary datasets :

  • fire dataset reflects the content of the community blocklist with more context.
  • smoke dataset reflects most of the IPs reported by Crowdsec users

note: The ratio of fire to smoke is around 1% at the time of writting

CTI Information

When querying the CTI API about a given IP, you will get to know more about:

  • What it does: observed behaviors, targetted protocols, exploited vulnerabilities, etc.
  • To what categories does it belong: proxy/VPN, CDN exit node, Legit security scanner, etc.
  • What it targets: Countries, services, etc.
  • Existing cross-references: Existing lists, etc.
  • How virulent it is
  • For how long it has been reported by users
  • The confidence level of the information
  • And so on

How to access it

See the getting started section to see how to get your API key and start exploring data. The console can also show a lighter version of the CTI API data.

CrowdSec ConsoleCrowdSec Console