add exploit tracker documentation

crowdsec-docs/docusaurus.config.ts

@@ -4,7 +4,7 @@ import type { Config } from "@docusaurus/types";
 import { themes } from "prism-react-renderer";
 
 import tailwindPlugin from "./plugins/tailwind-config";
-import { ctiApiSidebar, guidesSideBar, remediationSideBar } from "./sidebarsUnversioned";
+import { ctiApiSidebar, guidesSideBar, remediationSideBar, trackerApiSidebar } from "./sidebarsUnversioned";
 
 const generateCurrentAndNextRedirects = (s) => [
 	{
@@ -174,6 +174,7 @@ const redirects = [
 	...[
 		...(Array.isArray(remediationSideBar) ? remediationSideBar : [remediationSideBar]),
 		...(Array.isArray(ctiApiSidebar) ? ctiApiSidebar : [ctiApiSidebar]),
+		...(Array.isArray(trackerApiSidebar) ? trackerApiSidebar : [trackerApiSidebar]),
 		...(Array.isArray(guidesSideBar) ? guidesSideBar : [guidesSideBar]),
 	].flatMap(backportRedirect),
 	{ from: "/docs/troubleshooting", to: "/u/troubleshooting/intro" },

crowdsec-docs/package.json

@@ -43,6 +43,7 @@
         "prism-react-renderer": "^2.4.1",
         "react": "^19.2.1",
         "react-dom": "^19.2.1",
+        "swagger-ui-react": "^5.30.3",
         "tailwind-merge": "^3.3.1",
         "tailwindcss-animate": "^1.0.7"
     },

crowdsec-docs/sidebarsUnversioned.ts

@@ -101,6 +101,28 @@ const sidebarsUnversionedConfig: SidebarConfig = {
 			id: "cti_api/faq",
 		},
 	],
+	trackerApiSidebar: [
+		{
+			type: "doc",
+			label: "Getting Started",
+			id: "tracker_api/intro",
+		},
+		{
+			type: "doc",
+			label: "Prioritize",
+			id: "tracker_api/prioritize",
+		},
+		{
+			type: "doc",
+			label: "Mitigate",
+			id: "tracker_api/mitigate",
+		},
+		{
+			type: "doc",
+			label: "API Reference",
+			id: "tracker_api/api_reference",
+		},
+	],
 	consoleSidebar: [
 		{
 			type: "doc",
@@ -761,6 +783,7 @@ export default sidebarsUnversionedConfig;
 
 export const {
 	ctiApiSidebar,
+	trackerApiSidebar,
 	consoleSidebar,
 	remediationSideBar,
 	blocklistsSideBar,

crowdsec-docs/unversioned/tracker_api/api_reference.mdx

@@ -0,0 +1,9 @@
+---
+id: api_reference
+title: API Reference
+---
+
+import SwaggerUI from "swagger-ui-react";
+import "swagger-ui-react/swagger-ui.css";
+
+<SwaggerUI url="https://raw.githubusercontent.com/crowdsecurity/crowdsec-tracker-api-sdk-python/refs/heads/main/let-openapi.json" />

crowdsec-docs/unversioned/tracker_api/intro.mdx

@@ -0,0 +1,92 @@
+---
+id: intro
+title: Getting Started
+---
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+## What is the Exploit Tracker API?
+
+The **Exploit Tracker API** allows you to interact with CrowdSec's Threat Intelligence data, specifically focusing on CVEs and the IPs that exploit them. This enables you to prioritize vulnerabilities based on real-world exploitation data and mitigate threats by integrating with your existing security infrastructure.
+
+## Prerequisites
+
+To access the Exploit Tracker API, you need an API key. Please contact the CrowdSec team to obtain your API key if you haven't already.
+
+## Installation
+
+First, install the CrowdSec Tracker API SDK:
+
+```bash
+pip install crowdsec-tracker-api
+```
+
+## Authentication
+
+To interact with the API, you need to configure the authentication using your API key.
+
+```python
+import os
+from crowdsec_tracker_api import ApiKeyAuth, Server
+
+KEY = os.getenv("KEY")
+
+# Configure Authentication
+auth = ApiKeyAuth(api_key=KEY)
+
+# Define the Server URL
+base_url = Server.production_server.value
+```
+
+## Quick Example: Get CVE Information
+
+Here is a simple example of how to retrieve information about a specific CVE using the SDK.
+
+```python
+import os
+from crowdsec_tracker_api import Cves, ApiKeyAuth, Server
+from httpx import HTTPStatusError
+
+KEY = os.getenv("KEY")
+
+# Configure Authentication
+auth = ApiKeyAuth(api_key=KEY)
+
+# Initialize the Cves service
+cves_service = Cves(auth=auth)
+
+# Get CVE Details
+cve_id = "CVE-2025-1324"
+try:
+    cve_details = cves_service.get_cve(cve_id)
+    print(f"CVE: {cve_details.model_dump_json(indent=2)}")
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+```
+
+<details>
+  <summary>answer on success</summary>
+
+```json
+{
+  "cve_id": "CVE-2024-1234",
+  "description": "Description of the CVE...",
+  "severity": "High",
+  "exploit_count": 42,
+  "first_seen": "2024-01-15T12:34:56Z",
+  "last_seen": "2024-06-10T08:22:33Z"
+  ... other fields ...
+}
+```
+
+</details>
+
+## Next Steps
+
+Now you can:
+
+- Explore the [API Reference](./api_reference) for detailed information on all available endpoints.
+- Learn how to use [Prioritize CVEs](./prioritize) based on real-world exploitation
+- Discover how to [Mitigate Threats](./mitigate) by integrating with your security appliances.
+- Explore the SDK documentation on [GitHub](https://github.com/crowdsecurity/crowdsec-tracker-api-sdk-python)

crowdsec-docs/unversioned/tracker_api/mitigate.mdx

@@ -0,0 +1,227 @@
+---
+id: mitigate
+title: Mitigate
+---
+
+The **Mitigate** features allow you to take action on the threat intelligence you've gathered. You can create integrations with your security infrastructure (like firewalls) and subscribe them to receive updates about specific CVEs.
+
+## Manage Integrations
+
+Integrations are the bridge between CrowdSec's data and your security systems. You can create integrations that output data in various formats suitable for different firewalls and remediation components.
+
+### Create an Integration
+
+To create an integration, you need to specify its name, type, and output format.
+
+```python
+import os
+from crowdsec_tracker_api import (
+    Integrations,
+    IntegrationCreateRequest,
+    IntegrationType,
+    OutputFormat,
+    Server,
+    ApiKeyAuth,
+)
+from httpx import HTTPStatusError
+
+KEY = os.getenv("KEY")
+
+# Configure Authentication
+auth = ApiKeyAuth(api_key=KEY)
+
+# Initialize the Integrations service
+integrations_service = Integrations(auth=auth)
+
+# Create the request
+request = IntegrationCreateRequest(
+    name="My Firewall Integration",
+    description="fetch cves ips lists",
+    entity_type=IntegrationType.FIREWALL_INTEGRATION.value,
+    output_format=OutputFormat.PLAIN_TEXT.value,
+)
+
+# Create the integration
+try:
+    response = integrations_service.create_integration(request=request)
+    print(f"Integration Created: {response.model_dump_json(indent=2)}")
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+# IMPORTANT: Save the Client Secret securely, it is only shown once!
+```
+
+### List Integrations
+
+You can list all your existing integrations to manage them.
+
+```python
+import os
+from crowdsec_tracker_api import (
+    Integrations,
+    Server,
+    ApiKeyAuth,
+)
+from httpx import HTTPStatusError
+
+KEY = os.getenv("KEY")
+
+# Configure Authentication
+auth = ApiKeyAuth(api_key=KEY)
+
+# Initialize the Integrations service
+integrations_service = Integrations(auth=auth)
+
+try:
+    response = integrations_service.get_integrations()
+
+    for integration in response.items:
+        print(integration.model_dump_json(indent=2))
+        print("-----")
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+
+```
+
+### Update an Integration
+
+You can update the details of an existing integration, such as its name, description, or regenerate its client secret.
+
+```python
+import os
+from httpx import HTTPStatusError
+from crowdsec_tracker_api import (
+    Integrations,
+    Server,
+    ApiKeyAuth,
+    IntegrationUpdateRequest,
+)
+
+KEY = os.getenv("KEY")
+
+# Configure Authentication
+auth = ApiKeyAuth(api_key=KEY)
+
+# Initialize the Integrations service
+integrations_service = Integrations(auth=auth)
+
+integration_id = "abcdefgh12345678"  # Replace with your integration ID
+request = IntegrationUpdateRequest(
+    name="Updated Firewall Integration",
+    regenerate_credentials=True,
+    description="Updated description for the integration",
+)
+try:
+    response = integrations_service.update_integration(
+        integration_id=integration_id,
+        request=request,
+    )
+    print(f"Integration Updated: {response.model_dump_json(indent=2)}")
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+```
+
+### Delete an Integration
+
+If an integration is no longer needed, you can delete it.
+
+```python
+import os
+from httpx import HTTPStatusError
+from crowdsec_tracker_api import (
+    Integrations,
+    Server,
+    ApiKeyAuth,
+)
+
+KEY = os.getenv("KEY")
+
+# Configure Authentication
+auth = ApiKeyAuth(api_key=KEY)
+
+# Initialize the Integrations service
+integrations_service = Integrations(auth=auth)
+
+# Create the integration
+try:
+    response = integrations_service.delete_integration(
+        integration_id="abcdefgh12345678"  # Replace with your integration ID
+    )
+    print("Integration deleted successfully.")
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+
+```
+
+## Subscribe CVE to Integration
+
+Once you have an integration, you can subscribe it to a specific CVE. This means the integration will receive the list of IPs exploiting that CVE.
+
+```python
+import os
+from crowdsec_tracker_api import (
+    Cves,
+    Server,
+    ApiKeyAuth,
+    SubscribeCVEIntegrationRequest,
+)
+from httpx import HTTPStatusError
+
+KEY = os.getenv("KEY")
+
+# Initialize the service
+auth = ApiKeyAuth(api_key=KEY)
+cves_service = Cves(auth=auth)
+
+cve_id = "CVE-2024-1234"
+integration_name = "My Firewall Integration"  # The name of the integration you created
+
+# Create subscription request
+request = SubscribeCVEIntegrationRequest(name=integration_name)
+
+# Subscribe
+try:
+    response = cves_service.subscribe_integration_to_cve(request=request, cve_id=cve_id)
+    print(response)
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+```
+
+## Unsubscribe Integration from CVE
+
+If you no longer want an integration to receive updates for a CVE, you can unsubscribe it.
+
+```python
+import os
+from httpx import HTTPStatusError
+from crowdsec_tracker_api import (
+    Cves,
+    Server,
+    ApiKeyAuth,
+)
+
+KEY = os.getenv("KEY")
+
+# Initialize the service
+auth = ApiKeyAuth(api_key=KEY)
+cves_service = Cves(auth=auth)
+
+cve_id = "CVE-2024-1234"
+integration_name = "My Firewall Integration"  # The name of the integration you created
+
+# Unsubscribe
+try:
+    response = cves_service.unsubscribe_integration_from_cve(
+        cve_id=cve_id, integration_name=integration_name
+    )
+    if response is None:
+        print(
+            f"Successfully unsubscribed integration '{integration_name}' from CVE '{cve_id}'."
+        )
+except HTTPStatusError as e:
+    print(f"An error occurred: {e.response.status_code} - {e.response.text}")
+
+```
+
+## Next Steps
+
+Now that you have set up integrations and subscribed them to CVEs, you can follow [this documentation guide](https://docs.crowdsec.net/u/integrations/intro) to configure your security appliance based on the integration you created.