About Client
CrowdSec is a hyper-growth cybersecurity company with 300k+ installations. According to G2, it is a market leader in 8+ categories.
Problem Statement
CrowdSec offers CTI data through its API. Many of its enterprise customers want to consume this data using their own cybersecurity investigation tools. MSTICPy is one of them. It is an open-source threat hunting library developed by Microsoft, and it is used by many Fortune 500 companies.
Solution
We researched how users were consuming CTI data in MSTICPy. We found that MSTICPy had a concept of threat intel providers. We decided to implement a threat intel provider for CrowdSec.
Implementation
We followed the MSTICPy documentation to implement the threat intel provider. We also wrote unit tests to ensure the provider works as expected.
Results
CrowdSec’s threat intel provider has been merged into MSTICPy. MSTICPy users can now consume CrowdSec CTI data using the provider.