Vendors, Products & Tags

The Live Exploit Tracker provides lookup endpoints to explore the coverage landscape. These help answer questions like "what WordPress vulnerabilities are being tracked?", "which Citrix products are covered?", or "what enterprise software threats should I monitor?"

Tags

Tags are technology categories applied to CVEs and fingerprint rules (e.g., wordpress, cms, enterprise_software, file_sharing).

List All Tags

GET /v1/tags

cURL
Python

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/tags' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

import os
import httpx

KEY = os.getenv("CROWDSEC_SERVICE_API_KEY")
headers = {"x-api-key": KEY, "accept": "application/json"}

response = httpx.get("https://admin.api.crowdsec.net/v1/tags", headers=headers)
response.raise_for_status()

for tag in response.json()["items"]:
    print(f"{tag['value']}: {tag['nb_cves']} CVEs, {tag['nb_fingerprints']} fingerprints, "
          f"{tag['nb_ips_cves'] + tag['nb_ips_fingerprints']} total IPs")

Each tag includes:

Field	Type	Description
`value`	string	Tag name
`nb_cves`	integer	Number of CVEs with this tag
`nb_fingerprints`	integer	Number of fingerprint rules with this tag
`nb_ips_cves`	integer	Total attacker IPs across CVEs with this tag
`nb_ips_fingerprints`	integer	Total attacker IPs across fingerprint rules with this tag
`latest_rule_release`	datetime	Most recent detection rule release for this tag

Get Tag Impact

View all CVEs and fingerprint rules associated with a specific tag:

GET /v1/tags/{tag}

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/tags/wordpress' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Vendors

Vendors are the organizations responsible for the affected software (e.g., Microsoft, Citrix, WordPress).

List All Vendors

GET /v1/vendors

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/vendors?page=1&size=20' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Each vendor includes the same statistics as tags: number of CVEs, fingerprint rules, and attacker IPs.

Get Vendor Impact

View all CVEs and fingerprint rules affecting a specific vendor's products:

GET /v1/vendors/{vendor}

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/vendors/Microsoft' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Subscribing an integration to a vendor automatically covers all current and future CVEs and reconnaissance rules for that vendor's products. When a new CVE or reconnaissance rule is added for the vendor, the integration's blocklist is updated automatically — no action needed on your part.

POST /v1/vendors/{vendor}/integrations

cURL
Python

curl -X 'POST' \
  'https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}' \
  -H 'Content-Type: application/json' \
  -d '{"name": "production_firewall"}'

import os
import httpx

KEY = os.getenv("CROWDSEC_SERVICE_API_KEY")
headers = {"x-api-key": KEY, "accept": "application/json", "Content-Type": "application/json"}

response = httpx.post(
    "https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations",
    headers=headers,
    json={"name": "production_firewall"},
)
response.raise_for_status()
print("Subscribed to Microsoft")

Vendor subscriptions are the simplest way to get broad coverage for your technology stack. Subscribe to the vendors you rely on, and you'll automatically be protected against all tracked threats for their products — including new ones added in the future.

List Subscribed Integrations for a Vendor

GET /v1/vendors/{vendor}/integrations

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Unsubscribe an Integration from a Vendor

DELETE /v1/vendors/{vendor}/integrations/{integration_name}

curl -X 'DELETE' \
  'https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations/production_firewall' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Products

Products are specific software applications (e.g., Exchange Server, BIG-IP, WordPress).

List All Products

GET /v1/products

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/products?page=1&size=20' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Get Product Impact

View all CVEs and fingerprint rules affecting a specific product:

GET /v1/products/{product}

curl -X 'GET' \
  'https://admin.api.crowdsec.net/v1/products/Exchange%20Server' \
  -H 'accept: application/json' \
  -H 'x-api-key: ${KEY}'

Use Cases

These lookup endpoints are particularly useful for:

Asset-based monitoring: "Show me all tracked threats for the products in my technology stack."
Coverage assessment: "How many vulnerabilities affecting WordPress does CrowdSec track?"
Reporting: "What's the overall threat landscape for enterprise software this month?"
Vendor subscriptions: Subscribe an integration to your vendors and automatically receive blocklist coverage for all their current and future CVEs and reconnaissance rules — no scripting required.

Tags​

List All Tags​

Get Tag Impact​

Vendors​

List All Vendors​

Get Vendor Impact​

Subscribe an Integration to a Vendor​

List Subscribed Integrations for a Vendor​

Unsubscribe an Integration from a Vendor​

Products​

List All Products​

Get Product Impact​

Use Cases​