Sekoia XDR

CrowdSec's CTI API can be used in Sekoia XDR Playbooks to enrich alerts with CrowdSec's knowledge about the IP. You can learn more about Sekoia XDR Playbooks here.

Usage

Get your API key for CrowdSec CTI API by following this guide.

In your playbook you can now create a Node which calls CrowdSec's CTI API.

Configuring CrowdSec Node

Config Sekoia XDR Node

Following config is needed:

{"x-api-key":"", "User-Agent":"sekoia-playbook/v1.0.0"}

Don't forget to set the API key in the header x-api-key. Make sure you feed the IP address in the URL.

Example Full Playbook

Example Playbook

Example Results

Example Output

Usage​

Configuring CrowdSec Node​

Example Full Playbook​

Example Results​

Usage

Configuring CrowdSec Node

Example Full Playbook

Example Results