AbuseIPDB

Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Data Enrichment & Threat Intelligence · AbuseIPDB

Configuration parameters

  • server — AbuseIP server URL (required)
  • credentials
  • apikey — API Key (v2)
  • abusech_hunting_url — Abuse.ch Hunting API URL
  • hunting_credentials
  • integrationReliability — Source Reliability
  • threshold — Minimum score threshold
  • days — Maximum reports age (in days)
  • disable_private_ip_lookup — Disable reputation lookups for private IP addresses
  • disregard_quota — Disregard quota errors
  • insecure — Trust any certificate (not secure)
  • proxy — Use system proxy settings

Commands (6)

  • abuseipdb-check-cidr-block

    Queries a block of IP addresses to check against the database.

  • abuseipdb-get-blacklist

    Returns a list of the most reported IP addresses.

  • abuseipdb-get-categories

    Returns a list of report categories from AbuseIPDB.

  • abuseipdb-get-fplist

    Returns the False Positive List (FPL) from abuse.ch, including IP and domain indicators removed from their blocklists.

  • abuseipdb-report-ip

    Reports an IP address to AbuseIPDB.

  • ip

    Checks the specified IP address against the AbuseIP database.