CrowdSieve API (0.5.1)

CrowdSec CAPI filtering proxy — internal management API + signals passthrough.

health

Liveness probe

Returns the proxy status and current server timestamp.

Authorizations:
ApiKey

Responses

Response samples

Content type
application/json
{
  "status": "string",
  "timestamp": "string"
}

alerts

List alerts with filters

Authorizations:
ApiKey
query Parameters
limit
integer [ 1 .. 1000 ]
Default: 100
offset
integer >= 0
Default: 0
filtered
boolean
forwardedToCapi
boolean
scenario
string <= 200 characters
country
string ^[A-Z]{2}$

ISO 3166-1 alpha-2 country code

machineId
string <= 255 characters ^[a-zA-Z0-9_\-.:]+$
ip
string
since
string <date-time>

ISO 8601 date-time string

until
string <date-time>

ISO 8601 date-time string

newerThan
string <date-time>

ISO 8601 date-time string

Responses

Response samples

Content type
application/json
[
  { }
]

Get a single alert by ID

Authorizations:
ApiKey
path Parameters
id
required
integer >= 1

Responses

Response samples

Content type
application/json
{
  "id": 0,
  "uuid": "string",
  "machineId": "string",
  "scenario": "string",
  "scenarioHash": "string",
  "scenarioVersion": "string",
  "message": "string",
  "eventsCount": 0,
  "capacity": 0,
  "leakspeed": "string",
  "startAt": "string",
  "stopAt": "string",
  "createdAt": "string",
  "receivedAt": "string",
  "simulated": true,
  "remediation": true,
  "hasDecisions": true,
  "replicated": true,
  "sourceScope": "string",
  "sourceValue": "string",
  "sourceIp": "string",
  "sourceRange": "string",
  "sourceAsNumber": "string",
  "sourceAsName": "string",
  "sourceCn": "string",
  "geoCountryCode": "string",
  "geoCountryName": "string",
  "geoCity": "string",
  "geoRegion": "string",
  "geoLatitude": 0,
  "geoLongitude": 0,
  "geoTimezone": "string",
  "geoIsp": "string",
  "geoOrg": "string",
  "filtered": true,
  "filterReasons": "string",
  "forwardedToCapi": true,
  "forwardedAt": "string",
  "localAudit": true,
  "actor": "string",
  "rawJson": "string"
}

stats

Get aggregate alert statistics

Authorizations:
ApiKey

Responses

Response samples

Content type
application/json
{
  "total": 0,
  "filtered": 0,
  "forwarded": 0,
  "topScenarios": [ ],
  "allScenarios": [ ],
  "topCountries": [ ],
  "timeBounds": { }
}

Get time distribution statistics

Authorizations:
ApiKey
query Parameters
string or string or string

Lookback window: 7 days, 30 days, or all-time

Responses

Response samples

Content type
application/json
{
  "byDayOfWeek": [ ],
  "byHourOfDay": [ ],
  "byCountry": [ ],
  "byScenario": [ ],
  "dailyTrend": [ ],
  "totalAlerts": 0,
  "dateRange": { }
}

Get decision statistics

Authorizations:
ApiKey
query Parameters
string or string or string

Lookback window: 7 days, 30 days, or all-time

Responses

Response samples

Content type
application/json
{
  "totalDecisions": 0,
  "byDayOfWeek": [ ],
  "byHourOfDay": [ ],
  "byDurationCategory": [ ],
  "topScenarios": [ ],
  "byCountry": [ ]
}

ip-info

Get reverse DNS and WHOIS info for an IP

Authorizations:
ApiKey
path Parameters
ip
required
string [ 1 .. 64 ] characters

Responses

Response samples

Content type
application/json
{
  "ip": "string",
  "reverseDns": [ ],
  "whois": { },
  "error": "string"
}

lapi

List configured LAPI servers

Authorizations:
ApiKey

Responses

Response samples

Content type
application/json
[
  { }
]

decisions

Search decisions for an IP across all configured LAPI servers

Authorizations:
ApiKey
query Parameters
ip
required
string non-empty

Responses

Response samples

Content type
application/json
{
  "ip": "string",
  "results": [ ],
  "shared": [ ]
}

Issue a manual ban decision via a LAPI server

Authorizations:
ApiKey
Request Body schema: application/json
required
server
required
string ^[a-zA-Z0-9_-]+$
ip
required
string non-empty
duration
required
string ^\d+[smh]$

Duration like 30s, 5m, 4h, 24h

reason
required
string [ 1 .. 500 ] characters

Responses

Request samples

Content type
application/json
{
  "server": "string",
  "ip": "string",
  "duration": "string",
  "reason": "string"
}

Response samples

Content type
application/json
{
  "success": true,
  "message": "string",
  "server": "string"
}
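
A client-side pre-check for the manual ban request body, using the constraints listed in the schema above. This is an added example, not code from the CrowdSieve project; the function name, the sample bodies and the strict IP-address parsing (the schema only requires a non-empty string) are assumptions.

```python
import ipaddress
import re

# Constraints copied from the request-body schema above.
# The patterns are applied with fullmatch(): in Python, "$" used with match()
# also matches just before a trailing newline, so "lapi-1\n" would slip through.
SERVER_RE = re.compile(r"[a-zA-Z0-9_-]+")
# re.ASCII keeps \d to 0-9 only (by default it also matches other Unicode digits).
DURATION_RE = re.compile(r"(\d+)([smh])", re.ASCII)
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600}

# Constructed sample bodies (hypothetical server name, documentation-range IP).
GOOD = {"server": "lapi-1", "ip": "192.0.2.10", "duration": "4h",
        "reason": "manual ban after review"}
BAD = {"server": "lapi 1", "ip": "not-an-ip", "duration": "1d", "reason": ""}


def validate_ban_request(body):
    """Return (errors, duration_seconds); duration_seconds is None if invalid."""
    errors = []
    seconds = None
    for field in ("server", "ip", "duration", "reason"):
        if not isinstance(body.get(field), str):
            errors.append(f"{field}: required string")
    if errors:
        return errors, seconds

    if not SERVER_RE.fullmatch(body["server"]):
        errors.append("server: must match ^[a-zA-Z0-9_-]+$")

    m = DURATION_RE.fullmatch(body["duration"])
    if m:
        seconds = int(m.group(1)) * UNIT_SECONDS[m.group(2)]
    else:
        errors.append("duration: must match ^\\d+[smh]$ (e.g. 30s, 5m, 4h)")

    if not 1 <= len(body["reason"]) <= 500:
        errors.append("reason: length must be 1..500")

    # Assumption beyond the schema: require a parseable IPv4/IPv6 address.
    try:
        ipaddress.ip_address(body["ip"])
    except ValueError:
        errors.append("ip: not a valid IPv4/IPv6 address")
    return errors, seconds
```
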

Delete a decision from a LAPI server

Authorizations:
ApiKey
path Parameters
id
required
integer >= 1
query Parameters
server
required
string ^[a-zA-Z0-9_-]+$
Request Body schema: application/json
required
reason
required
string [ 1 .. 500 ] characters
ip
required
string non-empty

Responses

Request samples

Content type
application/json
{
  "reason": "string",
  "ip": "string"
}

Response samples

Content type
application/json
{
  "success": true,
  "message": "string",
  "server": "string"
}

analyzers

List analyzers and their current status

Authorizations:
ApiKey

Responses

Response samples

Content type
application/json
{
  "enabled": true,
  "analyzers": [ ]
}

Get analyzer details

Authorizations:
ApiKey
path Parameters
id
required
string non-empty

Responses

Response samples

Content type
application/json
{
  "analyzer": { },
  "status": { }
}

Get analyzer run history

Authorizations:
ApiKey
path Parameters
id
required
string non-empty
query Parameters
limit
integer [ 1 .. 100 ]
Default: 10

Responses

Response samples

Content type
application/json
{
  "runs": [ ]
}

Manually trigger an analyzer run

Authorizations:
ApiKey
path Parameters
id
required
string non-empty

Responses

Response samples

Content type
application/json
{
  "success": true,
  "result": { }
}

signals

Forward CrowdSec signals to CAPI after filtering

Receives a batch of CrowdSec alerts, runs them through the configured filters, stores them locally, replicates relevant decisions to LAPI servers, and forwards non-filtered, non-loop alerts to the upstream CAPI.

Authorizations:
ApiKey
Request Body schema: application/json
required
Array (<= 1000 items)
property name*
additional property
any

Responses

Request samples

Content type
application/json
[
  { }
]

Response samples

Content type
application/json
{
  "message": "string"
}
