SDKs & Libraries

CrowdSec provides official SDKs to simplify integration with the Live Exploit Tracker API. These libraries handle authentication, request construction, response parsing, and provide typed models for a better developer experience.

Python SDK

The official Python SDK is the recommended way to interact with the API from Python applications, scripts, and automation pipelines.

Installation

pip install crowdsec_service_api

Requirements: Python 3.11+

Source: github.com/crowdsecurity/crowdsec-service-api-sdk-python

Authentication

import os
from crowdsec_service_api import ApiKeyAuth, Server

KEY = os.getenv("CROWDSEC_SERVICE_API_KEY")

# Configure authentication
auth = ApiKeyAuth(api_key=KEY)

# The SDK automatically uses the production server URL
# You can also set it explicitly:
# base_url = Server.production_server.value

Service Classes

The SDK provides typed service classes for each API domain:

| Service Class | Purpose | Key Methods |
|---|---|---|
| Cves | CVE intelligence | get_cves(), get_cve(), get_cve_ips() |
| Integrations | Firewall integration management | get_integrations(), create_integration(), update_integration(), delete_integration() |

Examples

import os
from crowdsec_service_api import Cves, ApiKeyAuth
from httpx import HTTPStatusError

KEY = os.getenv("CROWDSEC_SERVICE_API_KEY")
auth = ApiKeyAuth(api_key=KEY)
cves_service = Cves(auth=auth)

try:
    response = cves_service.get_cves(page=1, size=10)
    for cve in response.items:
        print(f"{cve.name}: CrowdSec Score={cve.crowdsec_score}, "
              f"Phase={cve.exploitation_phase.label}, "
              f"IPs={cve.nb_ips}")
except HTTPStatusError as e:
    print(f"Error: {e.response.status_code} - {e.response.text}")

Get detailed CVE intelligence

try:
    cve = cves_service.get_cve("CVE-2024-25600")
    print(f"Title: {cve.title}")
    print(f"CrowdSec Score: {cve.crowdsec_score}")
    print(f"Phase: {cve.exploitation_phase.label}")
    print(f"Analysis: {cve.crowdsec_analysis[:200]}...")
except HTTPStatusError as e:
    print(f"Error: {e.response.status_code} - {e.response.text}")

Retrieve attacker IPs for a CVE

try:
    response = cves_service.get_cve_ips("CVE-2024-25600", page=1, size=10)
    for ip_item in response.items:
        print(f"{ip_item.ip}: reputation={ip_item.reputation}, "
              f"country={ip_item.location.country}")
except HTTPStatusError as e:
    print(f"Error: {e.response.status_code} - {e.response.text}")
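
Turning the paged get_cve_ips() results into a firewall blocklist, as an added example that is not part of the SDK or the original page. `collect_blocklist`, `never_block`, `FakeCves` and the sample addresses are hypothetical names and constructed data; treating a page with fewer items than requested as the last page is an assumption about the API's pagination.

```python
import ipaddress
from types import SimpleNamespace


def collect_blocklist(cves_service, cve_id, never_block=(), page_size=100, max_pages=50):
    """Page through get_cve_ips() and return validated, de-duplicated IPs.

    Assumption: a page holding fewer than page_size items is the last one;
    max_pages bounds the loop in case that does not hold.
    """
    protected = [ipaddress.ip_network(n) for n in never_block]
    seen = set()
    for page in range(1, max_pages + 1):
        response = cves_service.get_cve_ips(cve_id, page=page, size=page_size)
        for item in response.items:
            try:
                addr = ipaddress.ip_address(str(item.ip).strip())
            except ValueError:
                continue  # not a well-formed address: never pass it to a firewall
            # Keep your own ranges out of the blocklist, whatever the feed says.
            if not any(addr in net for net in protected):
                seen.add(addr)
        if len(response.items) < page_size:
            break
    return [str(a) for a in sorted(seen, key=lambda a: (a.version, int(a)))]


class FakeCves:
    """Constructed stand-in for the SDK's Cves service so the example runs offline."""

    def __init__(self, ips):
        self.ips = ips
        self.calls = 0

    def get_cve_ips(self, cve_id, page=1, size=10):
        self.calls += 1
        chunk = self.ips[(page - 1) * size : page * size]
        return SimpleNamespace(items=[SimpleNamespace(ip=ip) for ip in chunk])


# Constructed sample data (documentation address ranges), not real API output.
SAMPLE_IPS = ["203.0.113.7", "198.51.100.20", "203.0.113.7",
              "not-an-ip", "2001:db8::1", "203.0.113.5"]

if __name__ == "__main__":
    fake = FakeCves(SAMPLE_IPS)
    print(collect_blocklist(fake, "CVE-2024-25600",
                            never_block=["198.51.100.0/24"], page_size=2))
```

With the real SDK, pass the `cves_service` object created above in place of `FakeCves` and wrap the call in the same `HTTPStatusError` handling.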

Create and manage a firewall integration

from crowdsec_service_api import (
    Integrations, IntegrationCreateRequest,
    IntegrationType, OutputFormat, ApiKeyAuth,
)

integrations_service = Integrations(auth=auth)

# Create
request = IntegrationCreateRequest(
    name="paloalto_production",
    description="Production Palo Alto firewall - CVE blocklist",
    entity_type=IntegrationType.FIREWALL_INTEGRATION.value,
    output_format=OutputFormat.PALOALTO.value,
)
response = integrations_service.create_integration(request=request)
print(f"Integration ID: {response.id}")
# IMPORTANT: Save the credentials — they are only shown once!

Other Languages

Need the API in another language? The REST API is straightforward to call from any HTTP client — see Authentication & Setup for the base URL and authentication details, and the API Reference for the full OpenAPI specification.

If you'd like to see an official SDK for your language, let us know on GitHub or Discord.