AbuseIPDB 1.2.3
- 03 Apr 2025
- 3 Minutes to read
- DarkLight
- PDF
AbuseIPDB 1.2.3
- Updated on 03 Apr 2025
- 3 Minutes to read
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback!
AbuseIPDB - 1.2.3
tags: python | Enrichment | IP Reputation | IP GeoLocation Maps | Adaptive Cards
Table of Contents
Description
Integration with AbuseIPDB is created to support CDC users by providing enrichments for specific IP addresses. This is done to determine if it is identified to be engaged in any malicious activities such as abusive usage, hacking, spam, etc. - which enable CDC users to make informed decisions regarding incident response.
AbuseIPDB helps make the web safer by providing a central repository for webmasters, system administrators, and other interested parties to identify IP addresses that have been associated with malicious activity online.
CyberProof uses custom adaptive cards to display large amounts of threat data in a meaningful and intuitive GUI, to facilitate easy understanding of complex enriched data about a particular IP.
| Integration Type: | Threat Intelligence Enrichment |
| Information read: | IP Address reputation |
| API Supported: | API V2 |
| Input: | IP Address to be enriched |
| Output: | Details enriched information about IP provided in Input |
| Classification: | Public |
CDC Command Lines
enrich_ip_cli - Get information from AbuseIPDB about certain IPs.
| Option | Type | Description | Required |
|---|---|---|---|
| metadata | object | command metadata | True |
| ip | string | The IP address should be v4 or v6. | True |
enrich_range_ips_cli - Get information from AbuseIPDB about a certain network.
| Option | Type | Description | Required |
|---|---|---|---|
| metadata | object | command metadata | True |
| network | string | The IP address to enrich as CIDR format. | True |
report_ip_cli - Report an IP in AbuseIPDB.
| Option | Type | Description | Required |
|---|---|---|---|
| metadata | object | command metadata | True |
| ip | string | The IP address should be v4 or v6. | True |
| category | string | A string of comma separated malware categories. | True |
| comment | string | The reason to report this IP in free text. | True |
Workflows
post_enrich_ip - Post enrich-ip in CDC by ID of incident/message/chanel.
| Option | Type | Description | Required |
|---|---|---|---|
| cdc_instance_name | string | The configuration key name of the CDC environment. | True |
| incident_id | string | The incident ID in CDC. | False |
| channel_id | string | The channel ID in CDC. | False |
| message_id | string | The message ID in CDC. | False |
| default_error_message | string | The message that will be posted when the action failed. | False |
| instance_name | string | The configuration key name of the pack. | False |
| ip | string | The IP address should be v4 or v6. | True |
| max_age_in_days | integer | Parameter to only return reports within the last x amount of days. !@Deprecated will be removed in v2.0.0@!. | False |
post_enrich_range_ips - Post enrich-range-ips in CDC by ID of incident/message/chanel.
| Option | Type | Description | Required |
|---|---|---|---|
| cdc_instance_name | string | The configuration key name of the CDC environment. | True |
| incident_id | string | The incident ID in CDC. | False |
| channel_id | string | The channel ID in CDC. | False |
| message_id | string | The message ID in CDC. | False |
| default_error_message | string | The message that will be posted when the action failed. | False |
| instance_name | string | The configuration key name of the pack. | False |
| network | string | The IP address to enrich as CIDR format. | True |
| max_age_in_days | integer | Parameter to only return reports within the last x amount of days. | False |
post_report_ip - Post report-ip in CDC by ID of incident/message/chanel.
| Option | Type | Description | Required |
|---|---|---|---|
| cdc_instance_name | string | The configuration key name of the CDC environment. | True |
| incident_id | string | The incident ID in CDC. | False |
| channel_id | string | The channel ID in CDC. | False |
| message_id | string | The message ID in CDC. | False |
| default_error_message | string | The message that will be posted when the action failed. | False |
| instance_name | string | The configuration key name of the pack. | False |
| ip | string | The IP address should be v4 or v6. | True |
| category | string | A string of comma separated malware categories. | True |
| comment | string | The reason to report this IP in free text. | True |
Rules
No rules
Sensors
No sensors
Triggers
No triggers
Known Issues
No issues
Was this article helpful?