AbuseIPDB is a project dedicated to helping systems administrators and webmasters check and report IP addresses that are involved in malicious activity such as spamming, hacking attempts, DDoS attacks, etc.
This document provides information about the AbuseIPDB connector, which facilitates automated interactions with AbuseIPDB using FortiSOAR™ playbooks. Add the AbuseIPDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up an IP address in AbuseIPDB, or reporting an IP address to AbuseIPDB.
Connector Version: 1.0.0
Authored By: Fortinet.
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-abuseipdb
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the connectors page, select the AbuseIPDB connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
API Token | API key to access AbuseIPDB. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
IP Lookup | IP lookup in AbuseIPDB. | ip_lookup Investigation |
Report IP | Report IP to AbuseIPDB. | report_ip Miscellaneous |
Parameter | Description |
---|---|
IP | IP address to search/identify for malicious activity online. |
Reports Within X Days | The number of days within to check reports in AbuseIPDB. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
IP | IP address that needs to be reported for malicious activity online. |
Categories | Malware Category under which above IP falls under. |
Comment | Optional parameter that you can use to add comments. |
The output contains a non-dictionary value.
The Sample - AbuseIPDB - 1.0.0
playbook collection comes bundled with the AbuseIPDB connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AbuseIPDB connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
AbuseIPDB is a project dedicated to helping systems administrators and webmasters check and report IP addresses that are involved in malicious activity such as spamming, hacking attempts, DDoS attacks, etc.
This document provides information about the AbuseIPDB connector, which facilitates automated interactions with AbuseIPDB using FortiSOAR™ playbooks. Add the AbuseIPDB connector as a step in FortiSOAR™ playbooks and perform automated operations, such as looking up an IP address in AbuseIPDB, or reporting an IP address to AbuseIPDB.
Connector Version: 1.0.0
Authored By: Fortinet.
Certified: No
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-abuseipdb
For the detailed procedure to install a connector, click here
For the procedure to configure a connector, click here
In FortiSOAR™, on the connectors page, select the AbuseIPDB connector and click Configure to configure the following parameters:
Parameter | Description |
---|---|
API Token | API key to access AbuseIPDB. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:
Function | Description | Annotation and Category |
---|---|---|
IP Lookup | IP lookup in AbuseIPDB. | ip_lookup Investigation |
Report IP | Report IP to AbuseIPDB. | report_ip Miscellaneous |
Parameter | Description |
---|---|
IP | IP address to search/identify for malicious activity online. |
Reports Within X Days | The number of days within to check reports in AbuseIPDB. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
IP | IP address that needs to be reported for malicious activity online. |
Categories | Malware Category under which above IP falls under. |
Comment | Optional parameter that you can use to add comments. |
The output contains a non-dictionary value.
The Sample - AbuseIPDB - 1.0.0
playbook collection comes bundled with the AbuseIPDB connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AbuseIPDB connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.