Getting Started
Welcome to CrowdSec’s Cyber Threat Intelligence (CTI)! This guide will help you navigate the home page and make the most of its features, from searching for IP details to exploring real-time threat insights. Let’s get started!
You can access the CTI home page here.
What Can You Find on the Home Page?
The CTI home page is designed to give you instant access to valuable threat intelligence. Here’s what you’ll find:
Search Bar
A powerful search bar at the top of the page allows you to:
- Search for any IP address to see detailed information about its activity, risk level, and geolocation. (Example:
192.168.0.0) - Use Lucene queries for more advanced searches to filter data based on specific criteria, such as threat type or country. Example queries:
reputation:maliciousbehaviors.label:"HTTP Bruteforce" AND location.country:"FR"
Check Your Own IP
A dedicated button lets you check the details of your own IP address with one click. When clicked, this feature automatically redirects you to your IP detail page.
Predefined Searches
To save time, the home page offers predefined searches showcasing typical use cases. These searches are built with Lucene queries and allow you to explore. Each predefined query is clickable, leading to a results page where you can further refine or explore the data.
Top 10 Most Aggressive IPs
A dynamic leaderboard displays the top 10 most aggressive IPs observed by CrowdSec in the last 24 hours. Each entry includes:
- The IP address.
- The attack type (e.g., brute force, DDoS).
- The geographical location of the IP.
- The IP range
- The AS
- The background noise level (More info here)
Clicking on an IP in the list takes you to its detail page, where you can explore its full profile.
Start exploring the CTI home page here and discover the latest threat intelligence to protect your infrastructure.
