AbuseIPDB
README
AbuseIPDB Responder
Reports IP addresses to AbuseIPDB.
Configuration
- key: Your AbuseIPDB API key
- categories: One or more categories (see below)
- comment: Optional comment (max 1024 chars)
Categories
DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted
Before you use this
Every time you use this responder, first configure it in Cortex with the correct categories, then run it from TheHive. As of today, categories cannot be changed at runtime.
Wrong categories = bad data in AbuseIPDB. Always validate the Cortex configuration before use.
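One way to run that validation before a report leaves Cortex, as an added example (not the responder's own code): it checks a configuration dict against the category list and the 1024-character comment limit given above, then builds the fields for one report. The function names, the dict layout and the numeric category IDs are assumptions; this page lists category names only.

```python
import ipaddress

# Category names exactly as listed on this page. The numeric IDs (1-23, in
# this order) are an assumption based on AbuseIPDB's public category numbering.
CATEGORIES = [
    "DNS Compromise", "DNS Poisoning", "Fraud Orders", "DDoS Attack",
    "FTP Brute-Force", "Ping of Death", "Phishing", "Fraud VoIP", "Open Proxy",
    "Web Spam", "Email Spam", "Blog Spam", "VPN IP", "Port Scan", "Hacking",
    "SQL Injection", "Spoofing", "Brute Force", "Bad Web Bot", "Exploited Host",
    "Web App Attack", "SSH", "IoT Targeted",
]
CATEGORY_IDS = {name.lower(): i for i, name in enumerate(CATEGORIES, start=1)}
MAX_COMMENT = 1024  # limit stated in the configuration section

def _categories(config):
    """Return the configured categories as a list (a lone string becomes one item)."""
    cats = config.get("categories") or []
    return [cats] if isinstance(cats, str) else list(cats)

def validate_config(config):
    """Return a list of problems in a responder config dict; empty means OK."""
    problems = []
    if not str(config.get("key") or "").strip():
        problems.append("key: API key is required")
    cats = _categories(config)
    if not cats:
        problems.append("categories: at least one category is required")
    for cat in cats:
        if str(cat).strip().lower() not in CATEGORY_IDS:
            problems.append(f"categories: unknown category {cat!r}")
    comment = config.get("comment") or ""
    if len(comment) > MAX_COMMENT:
        problems.append(f"comment: {len(comment)} characters, limit is {MAX_COMMENT}")
    return problems

def build_report(config, ip):
    """Return the fields for one report, or raise ValueError listing every problem."""
    problems = validate_config(config)
    try:
        ip = str(ipaddress.ip_address(ip.strip()))
    except ValueError:
        problems.append(f"ip: {ip!r} is not a valid IP address")
    if problems:
        raise ValueError("; ".join(problems))
    # Deduplicate and sort so the same configuration always yields the same field.
    ids = sorted({CATEGORY_IDS[str(c).strip().lower()] for c in _categories(config)})
    return {"ip": ip, "categories": ",".join(map(str, ids)),
            "comment": config.get("comment") or ""}
```

A misspelled or unlisted category is rejected here instead of being silently dropped or mapped to the default.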
AbuseIPDB_Report
Author: Fabien Bloume, StrangeBee
License: AGPL-V3
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: True
Subscription required: True
Free subscription: True
Third party service: https://www.abuseipdb.com/
Description
Report an IP address to AbuseIPDB for abuse tracking and community sharing. Make sure the correct categories are set in your Cortex responder configuration.
Configuration

| key | API key for AbuseIPDB |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| categories | Select one or more abuse categories: DNS Compromise, DNS Poisoning, Fraud Orders, DDoS Attack, FTP Brute-Force, Ping of Death, Phishing, Fraud VoIP, Open Proxy, Web Spam, Email Spam, Blog Spam, VPN IP, Port Scan, Hacking, SQL Injection, Spoofing, Brute Force, Bad Web Bot, Exploited Host, Web App Attack, SSH, IoT Targeted |
|---|---|
| Default value if not configured | ['Hacking'] |
| Type of the configuration item | string |
| The configuration item can contain multiple values | True |
| Is required | True |

| comment | Optional comment describing the abuse (max 1024 characters) |
|---|---|
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |