Contents x
      AbuseIPDB 1.2.1
      • 22 May 2022
      • 1 Minute to read
      • Dark
        Light
      • PDF
      Contents

      AbuseIPDB 1.2.1

      • Updated on 22 May 2022
      • 1 Minute to read
      • Dark
        Light
      • PDF
      Article summary

      tags: python | Enrichment | IP Reputation | IP GeoLocation Maps | Adaptive Cards

      Description

      Integration with AbuseIPDB is created to support CDC users by providing enrichments for specific IP addresses. This is done to determine if it is engaged in any malicious activities such as abusive usage, hacking, spam, etc. - which enable CDC users to make informed decisions regarding incident response.

      AbuseIPDB helps make the web safer by providing a central repository for webmasters, system administrators, and other interested parties to identify IP addresses that have been associated with malicious activity online.

      CyberProof uses custom adaptive cards to display large amounts of threat data in a meaningful and intuitive GUI, to facilitate easy understanding of complex enriched data about a particular IP.

      CDC Command Lines

      • enrich_ip_cli
        Get information from AbuseIPDB about certain IPs.
      OptionTypeDescriptionRequired
      metadataobjectCommand metadataTrue
      ipstringThe IP address should be v4 or v6.True
      • enrich_range_ips_cli
        Get information from AbuseIPDB about a certain network.
      OptionTypeDescriptionRequired
      metadataobjectCommand metadataTrue
      networkstringThe IP address to enrich as CIDR format.True
      • report_ip_cli
        Report an IP in AbuseIPDB.
      OptionTypeDescriptionRequired
      metadataobjectCommand metadataTrue
      ipstringThe IP address should be v4 or v6.True
      categorystringA string of comma-separated malware categories.True
      commentstringThe reason to report this IP in free text.True

      Workflows

      • post_enrich_ip
        Post enrich-ip in the CDC by the ID of the incident/message/channel.

      • post_enrich_range_ips
        Post enrich-range-ips in the CDC by the ID of the incident/message/channel.

      • post_report_ip
        Post report-ip in CDC the by the ID of the incident/message/channel.

      Rules

      No rules

      Sensors

      No sensors

      Triggers

      No triggers

      Known Issues

      No known issues

      Was this article helpful?
      What's Next