
CrowdSec

Modified on: Wed, 28 Aug, 2024 at 4:08 PM

Overview

CrowdSec’s Maltego integration consists of 11 Transforms that allow analysts and investigators to gather malicious IP information and/or enrich IPs with information from CrowdSec’s CTI - a crowd-sourced database that consists of tens of thousands of malicious IPs updated in real-time.


CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Once an unwanted behavior is detected, it is automatically blocked.


The aggressive IP, the scenario it triggered, and the timestamp are sent for curation to avoid poisoning and false positives. If verified, the IP is then redistributed to all CrowdSec users running the same scenario.


CrowdSec Transforms in Maltego


You can read more about CrowdSec's Transforms for Maltego on our website here.


CrowdSec Transforms

CrowdSec AS Transform

Description

Adds AS entity for an IP by leveraging CrowdSec CTI data

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec AS Transform |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecas |
| Short Description | Adds AS entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.AS |

CrowdSec Activity Details

Description

Adds activity details properties to an IP using CrowdSec data.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Activity Details |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecactivity |
| Short Description | Adds activity details properties to an IP using CrowdSec data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | |

CrowdSec IP CTI

Description

Attaches CrowdSec CTI API response as a property to IP entity.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec IP CTI |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecaddapiresp |
| Short Description | Attaches CrowdSec CTI API response as a property to IP entity. |
| Input Entities | maltego.IPv4Address |
| Output Entities | |

CrowdSec Behaviour

Description

Creates a behaviour entity for an IP by leveraging CrowdSec CTI data

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Behaviour |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecbehaviours |
| Short Description | Creates a behaviour entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | crowdsec.behaviour |

CrowdSec Classification

Description

Creates classification details entities for an IP using CrowdSec data.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Classification |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecclassification |
| Short Description | Creates classification details entities for an IP using CrowdSec data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | crowdsec.classification |

CrowdSec IP Range

Description

Creates an IP range entity for an IP by leveraging CrowdSec CTI data

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec IP Range |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdseciprange |
| Short Description | Creates an IP range entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.Netblock |

CrowdSec Location

Description

Adds location entities by leveraging CrowdSec CTI data.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Location |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdseclocation |
| Short Description | Adds location entities by leveraging CrowdSec CTI data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.Location |

CrowdSec Reverse DNS

Description

Creates Reverse DNS entity for an IP by leveraging CrowdSec CTI data

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Reverse DNS |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecreversedns |
| Short Description | Creates Reverse DNS entity for an IP by leveraging CrowdSec CTI data |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.DNSName |

CrowdSec Scenario

Description

Creates entities for scenarios triggered by IP using CrowdSec CTI data.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Scenario |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecscenarios |
| Short Description | Creates entities for scenarios triggered by IP using CrowdSec CTI data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | crowdsec.scenario |

CrowdSec Score

Description

Adds score details for an IP by using CrowdSec CTI.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Score |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsecscores |
| Short Description | Adds score details for an IP by using CrowdSec CTI. |
| Input Entities | maltego.IPv4Address |
| Output Entities | |

CrowdSec Target Country

Description

Links IP entity with countries most attacked by it, using CrowdSec data.

Transform Settings

| Setting Name | Display Name | Setting Type | Default Value | Optional | Popup | Authentication |
|---|---|---|---|---|---|---|
| global#crowdsec_api_cache_ttl_in_seconds | CrowdSec Cache | int | 120 | True | True | False |
| global#crowdsec_api_key | API Key | string | | True | True | False |

Transform Meta Info

| Information | Value |
|---|---|
| Display Name | CrowdSec Target Country |
| Owner | Maltego Technologies |
| Author | Maltego Technologies support@maltego.com |
| Data Source | |
| Transform Name | crowdsectargetcountries |
| Short Description | Links IP entity with countries most attacked by it, using CrowdSec data. |
| Input Entities | maltego.IPv4Address |
| Output Entities | maltego.Country |

