Safe Classifications
IPs in this category are considered completely safe and trusted. Alerts triggered by these IPs are likely due to misconfiguration or overly sensitive alerting rules.
IPs belonging to those categories will have the safe
reputation.
How to Get Tagged as Safe
To be able to be classified as a safe IP, you need a proper technical justification of why your IP might be misclassified as a threat. This part is to be reviewed and validated by crowdsec.
You also need public documentation stating the IP, ranges, and/or reverse DNS associated with the assets in question. This data must be machine-readable (no HTML, no PDF, etc.).
Once your IP addresses are publicly available and accessible via HTTPS, you can contact support@crowdsec.net. Please include the URL of your IPs and ranges.
The CrowdSec team will do their best to update the CTI with false positive information, so your IPs are flagged correctly.
Here are some examples of providers who share their IPs and ranges:
You don’t need to follow a specific format for the exposed list, but it’s recommended to keep the same format over time. Otherwise, the false positive enrichment may stop working.
It’s best to use CSV or JSON for the list format.