
Introduction

CrowdSec CTI Taxonomy

The CrowdSec CTI Taxonomy is designed to help users fully understand and effectively utilize the data returned by the CrowdSec CTI API.

By organizing threat intelligence into structured and actionable categories, it enables better anticipation of potential threats.

Key Aspects

This section covers the following key aspects:

  • CTI Format: The complete structure and fields returned by the CrowdSec API, providing a detailed view of the data for each queried IP address.
  • CTI Scores: Detailed assessments computed for an IP address over different periods (daily, weekly, monthly, and overall).
  • Behaviors: List of defined behaviors linked to an IP address, providing context for its activity.
  • Classifications: The category of an IP address, identifying whether it is part of a known group, network or other defined role, which gives important context for understanding its potential behavior.
  • False Positives: Categories of potential false positives, ensuring accurate analysis and interpretation of API results.
  • Scenarios: A detailed view of the scenarios that triggered reports for an IP address, helping to identify patterns or threats.