Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

AbuseIPDB is a project dedicated to helping systems administrators and webmasters check and report IP addresses that are involved in malicious activity such as spamming, hacking attempts, DDoS attacks, etc.

This document provides information about the AbuseIPDB connector, which facilitates automated interactions with AbuseIPDB using FortiSOAR™ playbooks. Add the AbuseIPDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up an IP address in AbuseIPDB, or reporting an IP address to AbuseIPDB.

Version information

Connector Version: 1.0.0

Authored By: Fortinet.

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-abuseipdb

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

  • You must have API key to access AbuseIPDB.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the AbuseIPDB connector and click Configure to configure the following parameters:

Parameter Description
API Token API key to access AbuseIPDB.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
IP Lookup IP lookup in AbuseIPDB. ip_lookup
Investigation
Report IP Report IP to AbuseIPDB. report_ip
Miscellaneous

operation: IP Lookup

Input parameters

Parameter Description
IP IP address to search/identify for malicious activity online.
Reports Within X Days The number of days within to check reports in AbuseIPDB.

Output

The output contains a non-dictionary value.

operation: Report IP

Input parameters

Parameter Description
IP IP address that needs to be reported for malicious activity online.
Categories Malware Category under which above IP falls under.
Comment Optional parameter that you can use to add comments.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - AbuseIPDB - 1.0.0 playbook collection comes bundled with the AbuseIPDB connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AbuseIPDB connector.

  • IP Lookup
  • Report IP

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

AbuseIPDB is a project dedicated to helping systems administrators and webmasters check and report IP addresses that are involved in malicious activity such as spamming, hacking attempts, DDoS attacks, etc.

This document provides information about the AbuseIPDB connector, which facilitates automated interactions with AbuseIPDB using FortiSOAR™ playbooks. Add the AbuseIPDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up an IP address in AbuseIPDB, or reporting an IP address to AbuseIPDB.

Version information

Connector Version: 1.0.0

Authored By: Fortinet.

Certified: No

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-abuseipdb

For the detailed procedure to install a connector, click here

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the connectors page, select the AbuseIPDB connector and click Configure to configure the following parameters:

Parameter Description
API Token API key to access AbuseIPDB.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

Function Description Annotation and Category
IP Lookup IP lookup in AbuseIPDB. ip_lookup
Investigation
Report IP Report IP to AbuseIPDB. report_ip
Miscellaneous

operation: IP Lookup

Input parameters

Parameter Description
IP IP address to search/identify for malicious activity online.
Reports Within X Days The number of days within to check reports in AbuseIPDB.

Output

The output contains a non-dictionary value.

operation: Report IP

Input parameters

Parameter Description
IP IP address that needs to be reported for malicious activity online.
Categories Malware Category under which above IP falls under.
Comment Optional parameter that you can use to add comments.

Output

The output contains a non-dictionary value.

Included playbooks

The Sample - AbuseIPDB - 1.0.0 playbook collection comes bundled with the AbuseIPDB connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AbuseIPDB connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.