
AbuseIPDB

README

AbuseIPDB

AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.

The analyzer comes in only one flavor.

Requirements

You need a valid AbuseIPDB API integration subscription to use the analyzer:

  • Provide your API key as a value for the key parameter.
  • Set the days parameter to limit the time range of the search.

AbuseIPDB

Author: Matteo Lodi; Fabien Bloume, StrangeBee
License: AGPL-v3
Version: 1.1
Supported observable types:
- ip
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.abuseipdb.com/

Description

Checks an IP against AbuseIPDB for abuse score, categories, and recent reports.

Configuration

key: API key for AbuseIPDB
  • Default value if not configured: N/A
  • Type of the configuration item: string
  • The configuration item can contain multiple values: False
  • Is required: True

days: Check for IP Reports in the last X days
  • Default value if not configured: 30
  • Type of the configuration item: number
  • The configuration item can contain multiple values: False
  • Is required: False
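
One way to validate the two configuration items above and turn them into an AbuseIPDB API v2 check request, as an added example that is not the analyzer's own code. The job layout (`dataType`, `data`, `config`), the helper names, and the mapping of `days` to the API's `maxAgeInDays` parameter are assumptions; the sample key and IP are constructed placeholders.

```python
import ipaddress

API_URL = "https://api.abuseipdb.com/api/v2/check"  # AbuseIPDB API v2 check endpoint
DEFAULT_DAYS = 30  # documented default for the days configuration item


def build_check_request(job):
    """Validate a Cortex-style job dict and return (url, headers, params).

    Hypothetical helper: the job layout and the days -> maxAgeInDays mapping
    are assumptions made for this example, not taken from the analyzer.
    """
    if job.get("dataType") != "ip":
        raise ValueError("only the ip observable type is supported")

    # Accept only a literal IPv4/IPv6 address before anything is sent to a
    # third-party service; ip_address() raises ValueError otherwise.
    ip = ipaddress.ip_address(str(job.get("data", "")).strip())

    config = job.get("config", {})
    key = config.get("key")
    if not isinstance(key, str) or not key.strip():
        raise ValueError("key is required and must be a non-empty string")

    days = config.get("days", DEFAULT_DAYS)
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(days, bool) or not isinstance(days, int):
        raise ValueError("days must be a whole number")
    if not 1 <= days <= 365:  # range accepted by maxAgeInDays in API v2
        raise ValueError("days must be between 1 and 365")

    headers = {"Key": key.strip(), "Accept": "application/json"}
    params = {"ipAddress": str(ip), "maxAgeInDays": days}
    return API_URL, headers, params


def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    return {k: ("<redacted>" if k == "Key" else v) for k, v in headers.items()}


if __name__ == "__main__":
    # Constructed sample job: placeholder key, documentation-range IP.
    job = {"dataType": "ip", "data": "203.0.113.7", "config": {"key": "EXAMPLE-KEY"}}
    url, headers, params = build_check_request(job)
    print(url, redact(headers), params)
```

The returned triple can be passed to any HTTP client as a GET request; log only the output of `redact()` so the API key does not end up in job logs.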

Template samples for TheHive

AbuseIPDB: Long report template