AbuseIPDB
Version: 1.4
Updated: May 29, 2024
Enrich IP addresses with reputation information gathered from AbuseIPDB.
Actions
- IP Reputation (Enrichment) - Retrieves IP reputation information and saves the report as incident attachment or artifact (only for Cloud SOAR).
- IP Reputation V2 (Enrichment) - Retrieves IP reputation information.
note
- Results of the IP reputation check can be saved in .csv file format (only for Cloud SOAR).
- Perform multiple searches with any keyword in the comments.
Create an API key
- Create an AbuseIPDB account.
- Navigate to the Account tab.
- Go to API.
- Click on Create Key.
- Copy the API key.
Configure AbuseIPDB
- Access integrations in the Automation Service or Cloud SOAR.
- After the list of the integrations appears, search for the integration and click on the row.
- The integration details will appear. Click on the "+" button to add new Resource.
- Populate all the required fields (*):
- Label. Enter a name for the resource.
- API URL. Enter
https://api.abuseipdb.com
- API Key. Enter the API key you copied earlier.
- Click SAVE.
- To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
- Click TEST
- You should receive a successful notification in the bottom right corner of the screen.
Change Log
- June 19, 2020 - First upload
- August 26, 2021 - Action updated: IP Reputation
- February 20, 2023 (v1.2)
- Updated integration: (Updated the integration Fields with Environmental Variables)
- October 6, 2023 (v1.3)
- Added new action: IP Reputation V2
- Changed fields visibility
- Fixed Typo
- May 29, 2024 (v1.4)
- Updated IP Reputation action which now supports saving reports as incident attachments and artifacts