Vendors, Products & Tags
The Live Exploit Tracker provides lookup endpoints to explore the coverage landscape. These help answer questions like "what WordPress vulnerabilities are being tracked?", "which Citrix products are covered?", or "what enterprise software threats should I monitor?"
Tags
Tags are technology categories applied to CVEs and fingerprint rules (e.g., wordpress, cms, enterprise_software, file_sharing).
List All Tags
GET /v1/tags
- cURL
- Python
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/tags' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
import os
import httpx
KEY = os.getenv("CROWDSEC_SERVICE_API_KEY")
headers = {"x-api-key": KEY, "accept": "application/json"}
response = httpx.get("https://admin.api.crowdsec.net/v1/tags", headers=headers)
response.raise_for_status()
for tag in response.json()["items"]:
print(f"{tag['value']}: {tag['nb_cves']} CVEs, {tag['nb_fingerprints']} fingerprints, "
f"{tag['nb_ips_cves'] + tag['nb_ips_fingerprints']} total IPs")
Each tag includes:
| Field | Type | Description |
|---|---|---|
value | string | Tag name |
nb_cves | integer | Number of CVEs with this tag |
nb_fingerprints | integer | Number of fingerprint rules with this tag |
nb_ips_cves | integer | Total attacker IPs across CVEs with this tag |
nb_ips_fingerprints | integer | Total attacker IPs across fingerprint rules with this tag |
latest_rule_release | datetime | Most recent detection rule release for this tag |
Get Tag Impact
View all CVEs and fingerprint rules associated with a specific tag:
GET /v1/tags/{tag}
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/tags/wordpress' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Vendors
Vendors are the organizations responsible for the affected software (e.g., Microsoft, Citrix, WordPress).
List All Vendors
GET /v1/vendors
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/vendors?page=1&size=20' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Each vendor includes the same statistics as tags: number of CVEs, fingerprint rules, and attacker IPs.
Get Vendor Impact
View all CVEs and fingerprint rules affecting a specific vendor's products:
GET /v1/vendors/{vendor}
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/vendors/Microsoft' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Subscribe an Integration to a Vendor
Subscribing an integration to a vendor automatically covers all current and future CVEs and reconnaissance rules for that vendor's products. When a new CVE or reconnaissance rule is added for the vendor, the integration's blocklist is updated automatically — no action needed on your part.
POST /v1/vendors/{vendor}/integrations
- cURL
- Python
curl -X 'POST' \
'https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}' \
-H 'Content-Type: application/json' \
-d '{"name": "production_firewall"}'
import os
import httpx
KEY = os.getenv("CROWDSEC_SERVICE_API_KEY")
headers = {"x-api-key": KEY, "accept": "application/json", "Content-Type": "application/json"}
response = httpx.post(
"https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations",
headers=headers,
json={"name": "production_firewall"},
)
response.raise_for_status()
print("Subscribed to Microsoft")
Vendor subscriptions are the simplest way to get broad coverage for your technology stack. Subscribe to the vendors you rely on, and you'll automatically be protected against all tracked threats for their products — including new ones added in the future.
List Subscribed Integrations for a Vendor
GET /v1/vendors/{vendor}/integrations
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Unsubscribe an Integration from a Vendor
DELETE /v1/vendors/{vendor}/integrations/{integration_name}
curl -X 'DELETE' \
'https://admin.api.crowdsec.net/v1/vendors/Microsoft/integrations/production_firewall' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Products
Products are specific software applications (e.g., Exchange Server, BIG-IP, WordPress).
List All Products
GET /v1/products
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/products?page=1&size=20' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Get Product Impact
View all CVEs and fingerprint rules affecting a specific product:
GET /v1/products/{product}
curl -X 'GET' \
'https://admin.api.crowdsec.net/v1/products/Exchange%20Server' \
-H 'accept: application/json' \
-H 'x-api-key: ${KEY}'
Use Cases
These lookup endpoints are particularly useful for:
- Asset-based monitoring: "Show me all tracked threats for the products in my technology stack."
- Coverage assessment: "How many vulnerabilities affecting WordPress does CrowdSec track?"
- Reporting: "What's the overall threat landscape for enterprise software this month?"
- Vendor subscriptions: Subscribe an integration to your vendors and automatically receive blocklist coverage for all their current and future CVEs and reconnaissance rules — no scripting required.