AbuseIPDB
Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.
Data Enrichment & Threat Intelligence · AbuseIPDB
Configuration parameters
server— AbuseIP server URL (required)credentials—apikey— API Key (v2)abusech_hunting_url— Abuse.ch Hunting API URLhunting_credentials—integrationReliability— Source Reliabilitythreshold— Minimum score thresholddays— Maximum reports age (in days)disable_private_ip_lookup— Disable reputation lookups for private IP addressesdisregard_quota— Disregard quota errorsinsecure— Trust any certificate (not secure)proxy— Use system proxy settings
Commands (6)
-
abuseipdb-check-cidr-blockQueries a block of IP addresses to check against the database.
-
abuseipdb-get-blacklistReturns a list of the most reported IP addresses.
-
abuseipdb-get-categoriesReturns a list of report categories from AbuseIPDB.
-
abuseipdb-get-fplistReturns the False Positive List (FPL) from abuse.ch, including IP and domain indicators removed from their blocklists.
-
abuseipdb-report-ipReports an IP address to AbuseIPDB.
-
ipChecks the specified IP address against the AbuseIP database.