crowdsecurity · buixor · Apr 15, 2026 · Mar 30, 2026 · Mar 31, 2026 · Mar 31, 2026
diff --git a/README.md b/README.md
@@ -8,23 +8,29 @@ The documentation is built using [Docusaurus](https://docusaurus.io/), a modern
 
 ## Pre-requisites
 
-- Node.js (version 20 or later)
-- npm (Node package manager)
+- [nvm](https://github.com/nvm-sh/nvm) (Node Version Manager)
+- Node.js stable (install via nvm: `nvm install stable && nvm use stable`)
 - VSCode with recommended extensions installed (see `.vscode/extensions.json`)
 
 ## Installation
 
 ```console
+nvm use stable
+cd crowdsec-docs
 npm install
 ```
 
 ## Local Development
 
 ```console
-npm run start
+nvm use stable
+cd crowdsec-docs
+npm start
+# or equivalently
+npx docusaurus start
 ```
 
-This command starts a local development server and opens up a browser window. Most changes are reflected live without having to restart the server.
+This command starts a local development server at http://localhost:3000. Most changes are reflected live without having to restart the server.
 
 ## Build
 

diff --git a/crowdsec-docs/docusaurus.config.ts b/crowdsec-docs/docusaurus.config.ts
@@ -227,6 +227,7 @@ const config: Config = {
 	organizationName: "CrowdSec",
 	projectName: "crowdsec-docs",
 	markdown: {
+		mermaid: true,
 		mdx1Compat: {
 			comments: true,
 			admonitions: true,
@@ -239,6 +240,7 @@ const config: Config = {
 			href: "https://fonts.googleapis.com/icon?family=Material+Icons",
 		},
 	],
+	themes: ["@docusaurus/theme-mermaid"],
 	themeConfig: {
 		image: "img/crowdsec_og_image.png",
 		colorMode: {

diff --git a/crowdsec-docs/package-lock.json b/crowdsec-docs/package-lock.json
diff --git a/crowdsec-docs/package.json b/crowdsec-docs/package.json
@@ -24,6 +24,7 @@
         "@docusaurus/plugin-client-redirects": "^3.9.2",
         "@docusaurus/preset-classic": "^3.9.2",
         "@docusaurus/theme-common": "^3.9.2",
+        "@docusaurus/theme-mermaid": "^3.9.2",
         "@docusaurus/theme-search-algolia": "^3.9.2",
         "@emotion/react": "^11.14.0",
         "@emotion/styled": "^11.14.0",

diff --git a/crowdsec-docs/sidebarsUnversioned.ts b/crowdsec-docs/sidebarsUnversioned.ts
@@ -91,28 +91,101 @@ const sidebarsUnversionedConfig: SidebarConfig = {
 	trackerApiSidebar: [
 		{
 			type: "doc",
-			label: "Getting Started",
+			label: "Overview",
 			id: "tracker_api/intro",
 		},
 		{
-			type: "doc",
-			label: "Prioritize",
-			id: "tracker_api/prioritize",
+			type: "category",
+			label: "Understanding the Data",
+			items: [
+				{
+					type: "doc",
+					label: "Scores & Ratings",
+					id: "tracker_api/scores",
+				},
+				{
+					type: "doc",
+					label: "Exploitation Phases",
+					id: "tracker_api/exploitation_phases",
+				},
+				{
+					type: "doc",
+					label: "CrowdSec Analysis",
+					id: "tracker_api/crowdsec_analysis",
+				},
+				{
+					type: "doc",
+					label: "Threat Context",
+					id: "tracker_api/threat_context",
+				},
+				{
+					type: "doc",
+					label: "Reconnaissance Rules vs CVEs",
+					id: "tracker_api/fingerprints_vs_cves",
+				},
+			],
 		},
 		{
 			type: "doc",
-			label: "Mitigate",
-			id: "tracker_api/mitigate",
+			label: "Web Interface",
+			id: "tracker_api/web_interface",
 		},
 		{
-			type: "doc",
-			label: "API Reference",
-			id: "tracker_api/api_reference",
+			type: "category",
+			label: "API",
+			items: [
+				{
+					type: "doc",
+					label: "Authentication & Setup",
+					id: "tracker_api/api_authentication",
+				},
+				{
+					type: "doc",
+					label: "CVEs",
+					id: "tracker_api/api_cves",
+				},
+				{
+					type: "doc",
+					label: "Reconnaissance / Fingerprints",
+					id: "tracker_api/api_fingerprints",
+				},
+				{
+					type: "doc",
+					label: "Vendors, Products & Tags",
+					id: "tracker_api/api_lookups",
+				},
+				{
+					type: "doc",
+					label: "Integrations & Blocklists",
+					id: "tracker_api/api_integrations",
+				},
+				{
+					type: "doc",
+					label: "SDKs & Libraries",
+					id: "tracker_api/api_sdks",
+				},
+				{
+					type: "doc",
+					label: "API Reference",
+					id: "tracker_api/api_reference",
+				},
+			],
 		},
 		{
-			type: "doc",
-			label: "Web Interface",
-			id: "tracker_api/web_interface",
+			type: "category",
+			label: "Guides",
+			items: [
+				{
+					type: "doc",
+					label: "Triage Workflow",
+					id: "tracker_api/guide_triage",
+				},
+				{
+					type: "doc",
+					label: "Proactive Monitoring",
+					id: "tracker_api/guide_proactive",
+				},
+			],
 		},
 	],
 	consoleSidebar: [

diff --git a/crowdsec-docs/static/img/exploit-tracker/attacker_insights.png b/crowdsec-docs/static/img/exploit-tracker/attacker_insights.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/cve_detail_bottom.png b/crowdsec-docs/static/img/exploit-tracker/cve_detail_bottom.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/cve_detail_top.png b/crowdsec-docs/static/img/exploit-tracker/cve_detail_top.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/explore_cves.png b/crowdsec-docs/static/img/exploit-tracker/explore_cves.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/explore_recon.png b/crowdsec-docs/static/img/exploit-tracker/explore_recon.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/home.png b/crowdsec-docs/static/img/exploit-tracker/home.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/integrations.png b/crowdsec-docs/static/img/exploit-tracker/integrations.png
diff --git a/crowdsec-docs/static/img/exploit-tracker/vendors.png b/crowdsec-docs/static/img/exploit-tracker/vendors.png
diff --git a/crowdsec-docs/unversioned/tracker_api/api_authentication.mdx b/crowdsec-docs/unversioned/tracker_api/api_authentication.mdx
@@ -0,0 +1,74 @@
+---
+id: api_authentication
+title: Authentication & Setup
+---
+
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
+
+## Prerequisites
+
+To use the Live Exploit Tracker API, you need an **API key**. Contact the CrowdSec team to obtain yours if you haven't already.
+
+The same API key works for both the [web interface](./web_interface) and the REST API.
+
+## Base URL
+
+All API endpoints are available at:
+
+```
+https://admin.api.crowdsec.net/v1/
+```
+
+## Authentication
+
+Every API request must include your API key in the `x-api-key` header:
+
+```bash
+curl -X 'GET' \
+  'https://admin.api.crowdsec.net/v1/cves?page=1&size=10' \
+  -H 'accept: application/json' \
+  -H 'x-api-key: YOUR_API_KEY'
+```
+
+## SDKs
+
+CrowdSec provides official SDKs for convenient API access with typed models, authentication handling, and a better developer experience. See the [SDKs & Libraries](./api_sdks) page for installation instructions, examples, and the full list of available SDKs.
+
+**Quick start with the Python SDK:**
+
+```bash
+pip install crowdsec-tracker-api
+```
+
+```python
+import os
+from crowdsec_tracker_api import Cves, ApiKeyAuth
+
+auth = ApiKeyAuth(api_key=os.getenv("CROWDSEC_TRACKER_API_KEY"))
+cve = Cves(auth=auth).get_cve("CVE-2024-25600")
+print(f"{cve.title}: Score {cve.crowdsec_score}, Phase: {cve.exploitation_phase.label}")
+```
+
+## Error Handling
+
+The API returns standard HTTP status codes:
+
+| Status Code | Meaning |
+|---|---|
+| `200` | Success |
+| `201` | Resource created successfully |
+| `204` | Success with no content (e.g., after deletion) |
+| `401` | Invalid or missing API key |
+| `404` | Resource not found |
+| `422` | Validation error (check request parameters) |
+| `429` | Rate limit exceeded |
+
+## Next Steps
+
+- [Explore CVEs](./api_cves) — List, search, and get detailed intelligence
+- [Fingerprint Rules](./api_fingerprints) — Monitor product-level probing activity
+- [Integrations & Blocklists](./api_integrations) — Create firewall integrations and subscribe to CVEs
+- [Browse by Vendor, Product, or Tag](./api_lookups) — Explore the coverage landscape
+- [SDKs & Libraries](./api_sdks) — Official SDKs for Python and more
+- [API Reference (Swagger)](./api_reference) — Full interactive API documentation