AbuseIPDB

Version: 1.4
Updated: May 29, 2024

Enrich IP addresses with reputation information gathered from AbuseIPDB.

Actions

• IP Reputation (Enrichment) - Retrieves IP reputation information and saves the report as incident attachment or artifact (only for Cloud SOAR).
• IP Reputation V2 (Enrichment) - Retrieves IP reputation information.

note

• Results of the IP reputation check can be saved in .csv file format (only for Cloud SOAR).
• Perform multiple searches with any keyword in the comments.

Create an API key

1. Create an AbuseIPDB account.
2. Navigate to the Account tab.
3. Go to API.
4. Click on Create Key.
5. Copy the API key.

Configure AbuseIPDB

1. Access integrations in the Automation Service or Cloud SOAR.
2. After the list of the integrations appears, search for the integration and click on the row.
3. The integration details will appear. Click on the "+" button to add new Resource.
4. Populate all the required fields (*):
   • Label. Enter a name for the resource.
   • API URL. Enter https://api.abuseipdb.com
   • API Key. Enter the API key you copied earlier.
5. Click SAVE.
   
6. To make sure the resource is working, hover over the resource and then click the pencil icon that appears on the right.
   
7. Click TEST
8. You should receive a successful notification in the bottom right corner of the screen.
   

Change Log

• June 19, 2020 - First upload
• August 26, 2021 - Action updated: IP Reputation
• February 20, 2023 (v1.2)
  • Updated integration: (Updated the integration Fields with Environmental Variables)
• October 6, 2023 (v1.3)
  • Added new action: IP Reputation V2
  • Changed fields visibility
  • Fixed Typo
• May 29, 2024 (v1.4)
  • Updated IP Reputation action which now supports saving reports as incident attachments and artifacts