By CrowdSec
Examine malicious IP addresses and detect aggressive behaviors within your systems.
# Infrastructure & Network Information # Malware # Fraud & Abuse # Threat Intelligence

CrowdSec’s Maltego integration consists of 11 Transforms that allow analysts and investigators to gather malicious IP information and/or enrich IPs with information from CrowdSec’s CTI - a crowd-sourced database that consists of tens of thousands of malicious IPs updated in real-time.

CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Once an unwanted behavior is detected, it is automatically blocked.

The aggressive IP, scenario triggered, and the timestamp are sent for curation, to avoid poisoning and false positives. This IP is then redistributed to all CrowdSec users running the same scenario if verified.

CrowdSec Transforms in Maltego

Typical Users of CrowdSec

  • Threat Intelligence
  • SOC Teams
  • SecOPS / DevSecOPS Population

Integration Benefits

Identify Aggressive IP Addresses and Malicious Behaviors

Get malicious IP information from one of the biggest CTI databases in the world. CrowdSec’s community network covers hundreds of thousands of real-world nodes which provides malicious behavior detection.

Gain Insights into Advanced Threat Intelligence

Advanced enrichments such as categorization of IPs: suspected botnets, identified proxies, and top targeted countries are possible thanks to CrowdSec’s advanced data analysis.

Leverage CrowdSec for

Threat Intelligence

As a forensic team, find out more about the period of malicious activity wether it was targeted attack or just background noise, check if the IP is from a corrupted system or a proxy.
Read more

Pricing & Access

Community Hub
Available only for Maltego Commercial Plans.
Commercial Hub
Users with a Maltego One license have the following access options:
Click-and-Run Limited (Enterprise)

Simply install the Hub item and start using it with the following data allowances:

Maltego Enterprise: 50 Transform Runs / Day

Bring Your Own Key
Pro and Enterprise users can insert their CrowdSec API Keys to access the Transforms in Maltego.


Reach out to us to learn more about this data integration and how to access it.
By clicking on "Send Message", you agree to the processing of the data you entered and you allow us to contact you for the purpose selected in the form. For further information, see our Data Privacy Policy.


CrowdSec is an open-source security stack that detects aggressive behaviors and prevents them from accessing your systems. Its user-friendly design and easy integration into your current security infrastructure offer a low technical entry barrier and a high-security gain. 

For more information, visit: