quick question- which is correct env variable for CTI - CROWDSEC_CTI_API_KEY or CTI_API_KEY
Error log
31 Replies
Important Information
This post has been marked as resolved. If this is a mistake please press the red button below or type
/unresolve© Created By WhyAydan for CrowdSec ❤️
https://github.com/search?q=org%3Acrowdsecurity+CTI_API_KEY&type=code in other projects it's
CROWDSEC_CTI_API_KEY 😄GitHub
Build software better, together
GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.
so generally it depends on the implementation
the search results were funny
lol
tried both,
cticlient/example/fire.go is just like that - an example, not the actual fully working setup
for reference i am trying this
GitHub
crowdsec/pkg/cticlient/client.go at master · crowdsecurity/crowdsec
CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI. - crowdsecurity/crowdsec
I don't quite understand what your problem is?
I have attached the logs , notification suffers a crash because of cti not configured properly
You sure the notification not working? The test command spins up a temporary plugin to push the notification and kills it.
The 10.10.10.10 by default has not data in the CTI so since you don't check for null or empty that could be why
You can override which IP by using the json override and it should be
{"source": {"value": "10.10.10.10"}} docker exec crowdsec cscli decisions add -i 5.101.111.66
tried this
no result in the discordadding manual decisions does not trigger notifications
try
okay
sorry guys found it
go was adding -discord to the wrong block
it should add to
name: default_ip_remediation if am correct
it was adding to name: default_range_remediation
Nope
time="2025-12-01T16:16:16Z" level=error msg="Invalid API key provided, disabling CTI API" type=crowdsec-ctiyour key still the same one provided by the console?
yes.
And it still shown in the console, just saying cause we just pruned a bunch of dead keys that havent been used in months. (and it be missing within the interface)
yesterday i regenerated one
@Loz and @KaszpiR thanks guys. Now it works.
CROWDSEC_CTI_API_KEY this only sticks. dont know why.
Resolving quick question- which is correct env variable for CTI - CROWDSEC_CTI_API_KEY or CTI_API_KEY
This has now been resolved. If you think this is a mistake please run
/unresolvemaybe libraries are automatically assuming env var prefix with the app name, I guess this becomes a standard
no idea
my code was also a bit of an issue but not related to this
but for cti - this will only work
CROWDSEC_CTI_API_KEY
any ways see you around guys.
soory @KaszpiR to ping again, any guidance for unifi bouncer/ log phrase, one of my user/friend keeps on asking meno idea, not using anything from unifi, probably you need to search on crowdsec hub or discord
https://app.crowdsec.net/hub?filters=search%3Dunifi there are some... probbaly needs to set up remote loging via syslog
Collections, AppSec Rules & Configurations | CrowdSec Hub
Manage collections, configurations, remediation components, and AppSec rules with CrowdSec Hub. Streamline security with tools and integrations for enhanced protection.
Thanks bro 👍