Connect Your Server

Start contributing threat intelligence in under 2 minutes.

How it works: When fail2ban bans an IP on your server, ThreatChain's action automatically reports it to the network. Every other ThreatChain node instantly blocks that IP too. Your ban protects everyone.

You need: a free account, an API key (from the portal), and a Linux server with fail2ban.

1. Create the fail2ban action

Save this as /etc/fail2ban/action.d/threatchain.conf

# ThreatChain community threat sharing
# Docs: https://setecastronomyinc.com/setup

[Definition]

actionban = curl -sf -X POST https://setecastronomyinc.com/api/v1/threats -H "Authorization: Bearer <tc_api_key>" -H "Content-Type: application/json" -d '{"target":"<ip>","source":"fail2ban-community","category":"<category>","severity":"<severity>","action":"block","ttl_seconds":<ttl>}' -o /dev/null || true

actionunban =

[Init]
tc_api_key = YOUR_API_KEY
category = ssh-brute-force
severity = high
ttl = 86400

2. Enable it on your sshd jail

Add to /etc/fail2ban/jail.local (create it if it doesn't exist):

[sshd]
enabled  = true
port     = ssh
filter   = sshd
backend  = systemd
maxretry = 5
bantime  = 86400
action   = %(action_)s
           threatchain[tc_api_key="YOUR_API_KEY"]

3. Restart fail2ban

sudo systemctl restart fail2ban
sudo fail2ban-client status sshd

That's it. Next time fail2ban bans an IP, it'll be shared with the entire ThreatChain network in under 10 seconds.
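
The actionban in step 1 passes the Authorization header as a curl argument and discards errors with || true. The helper below is an added example, not ThreatChain's own code: it sends the same JSON body, but reads the key from a root-only file, feeds the header to curl on stdin, and rejects any field that could break out of the JSON. The helper path /usr/local/sbin/threatchain-report, the key file /etc/fail2ban/threatchain.key and the tc_* function names are assumptions.

```shell
#!/bin/sh
# Added example, not ThreatChain's code. Hypothetical helper installed as
# /usr/local/sbin/threatchain-report and called from the action file as:
#   actionban = /usr/local/sbin/threatchain-report <ip> <category> <severity> <ttl>
TC_URL="https://setecastronomyinc.com/api/v1/threats"
# Assumed location: a root-owned, mode 0600 file holding only the API key.
TC_KEY_FILE="${TC_KEY_FILE:-/etc/fail2ban/threatchain.key}"

# Character allow-list for an IPv4/IPv6 literal (not a full address parser).
tc_valid_ip() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) return 1 ;;
        *[.:]*) return 0 ;;
        *) return 1 ;;
    esac
}
tc_valid_slug() { case "$1" in ''|*[!a-z0-9-]*) return 1 ;; esac; }
tc_valid_num()  { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print the JSON body from the page's actionban, or fail if any field
# could break out of its JSON position.
tc_payload() {
    tc_valid_ip "$1" && tc_valid_slug "$2" && tc_valid_slug "$3" &&
        tc_valid_num "$4" || return 1
    printf '{"target":"%s","source":"fail2ban-community","category":"%s","severity":"%s","action":"block","ttl_seconds":%s}' \
        "$1" "$2" "$3" "$4"
}

# Succeed only for a regular file with no group/other permission bits.
tc_key_file_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

tc_report() {
    body=$(tc_payload "$@") || { echo "threatchain: bad arguments" >&2; return 2; }
    tc_key_file_ok "$TC_KEY_FILE" ||
        { echo "threatchain: key file missing or too open" >&2; return 3; }
    # The header reaches curl on stdin (-K -), so the key never appears in
    # the process list; unlike the page's "|| true", curl's status is returned.
    printf 'header = "Authorization: Bearer %s"\n' "$(cat "$TC_KEY_FILE")" |
        curl -sf -X POST "$TC_URL" -K - \
            -H "Content-Type: application/json" -d "$body" -o /dev/null
}

# Send a report only when run under the helper's own name.
case "${0##*/}" in threatchain-report*) tc_report "$@" ;; esac
```

With this helper the key no longer needs to appear in threatchain.conf or jail.local, so those files can stay readable without exposing it.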

Verify it's working

# Check your contribution (replace YOUR_API_KEY with your key)
curl -s https://setecastronomyinc.com/api/v1/threats -H "Authorization: Bearer YOUR_API_KEY" | python3 -m json.tool

# View the live dashboard
# https://setecastronomyinc.com/dashboard

Want BGP blackhole routing or more than 100 API calls/day? Upgrade your plan.