AbuseIPDB
AbuseIPDB is dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.
Connect AbuseIPDB with Devo SOAR
Navigate to Automations > Integrations.
Search for AbuseIPDB.
Click Details, then the + icon. Enter the required information in the following fields.
Label: Enter a connection name.
Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
Remote Agent: Run this integration using the Devo SOAR Remote Agent.
API Key: The API key to connect to the AbuseIPDB.
After you've entered all the details, click Connect.
Actions for AbuseIPDB
IP Lookup
Submit IPs for a Threat Intelligence Lookup. Based off of the results, automate how Incident Response is handled.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
Column Name | Select the name of the column from parent table to lookup value for. | Required |
Output
A JSON containing the result as the suspicious activity of the IP address.
{json}{
"suspicious":"0",
"msg":"No suspicious activity was detected on 23.12.45.6"
}
Release Notes
v3.0.0
- Updated architecture to support IO via filesystemv2.0.8
- Added documentation link in the automation library.