The CrowdSec Cortex Analyzer allows you to obtain a detailed report from CrowdSec's CTI smoke database.
Here is the source code of the analyzer and report template:
The CrowdSec analyzer is available in the Cortex analyzers collection from version 3.2.0 and is ready to use on your observables of type IP.
To add the CrowdSec analyzer to a case's observable, you can refer to the official documentation.
To complete or customize the template, you can refer to this how-to.
- For a case's observable of type IP, click on preview
- Run the CrowdSec analyzer
  - It should appear in the list
  - Click on the analyze (fire) icon
- Check the report
  - Once the analysis process is complete, click on the date to see the report.
  - Note that if you run the analyzer again, multiple reports will be available, one for each date.