Skip to main content

CrowdSec CTI - Cyber Threat Intelligence

Welcome to CrowdSec's Cyber Threat Intelligence (CTI) platform! Our CTI provides real-time threat intelligence data collected from the global CrowdSec community, helping you make informed security decisions.

Choose Your Experience

CrowdSec CTI offers two ways to access our threat intelligence data:

🌐 Web UI Experience

Perfect for security analysts and investigators who want an intuitive interface to explore threat data.

What you can do:

  • Search and analyze IP addresses with detailed threat reports
  • Explore threat intelligence using our advanced search capabilities
  • View real-time geolocation and risk assessments
  • Access predefined searches for common threat hunting scenarios
  • Browse the top most aggressive IPs attacking the community

Getting Started: Explore the Web UI →


🔧 API Integration

Ideal for developers and security engineers who want to integrate threat intelligence into their applications, SIEM, or security tools.

What you can do:

  • Programmatically query threat intelligence data
  • Integrate with existing security workflows and tools
  • Build custom threat hunting applications
  • Access the same data that powers our Web UI
  • Scale your security operations with automated threat lookups

Getting Started: API Documentation →


Community-Powered Intelligence

Our CTI data is powered by the CrowdSec community - a global network of security engines that share attack patterns and malicious IPs in real-time. This collaborative approach ensures:

  • Fresh Intelligence: Real-time updates from active attacks worldwide
  • High Quality: Community validation reduces false positives
  • Global Coverage: Intelligence from diverse geographical locations and attack vectors
  • Context-Rich: Detailed behavioral analysis and attack classifications

Ready to Get Started?

Choose your preferred method above, or explore our comprehensive documentation to learn more about threat taxonomy, integrations, and advanced features.