# AbuseIPDB
The AbuseIPDB connector allows users to interact with the AbuseIPDB API, facilitating the reporting and checking of malicious IP addresses.

AbuseIPDB is a widely used platform that specializes in providing threat intelligence about IP addresses reported for malicious activity. By integrating the AbuseIPDB connector with Swimlane Turbine, users can automate the process of checking, reporting, and managing blacklisted IPs directly within their security workflows. This integration empowers cybersecurity teams to enhance their incident response capabilities, streamline IP reputation management, and contribute to a safer internet by reporting abusive IPs. The connector's actions, such as IP checks, bulk reporting, and blacklist retrieval, are essential tools for maintaining network security and compliance.

## Prerequisites

To effectively utilize the AbuseIPDB connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - **URL**: the endpoint for the AbuseIPDB API
  - **API Key**: your personal key to authenticate requests to AbuseIPDB

## Capabilities

The AbuseIPDB connector has the following capabilities:

- Check IP
- Report IP
- Report Blacklist
- Check CIDR Block

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Key | API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### IP Blacklisting

Add an IP address to the AbuseIPDB blacklist, preventing it from accessing network resources.

- Endpoint URL: `api/v2/blacklist`
- Method: GET

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| confidenceMinimum | number | Optional | Unique identifier |
| limit | number | Optional | Parameter for IP Blacklisting |
| plaintext | string | Optional | Parameter for IP Blacklisting |
| onlyCountries | string | Optional | Parameter for IP Blacklisting |
| exceptCountries | string | Optional | Parameter for IP Blacklisting |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| generatedAt | string | Output field generatedAt |
| data | array | Response data |
| ipAddress | string | Output field ipAddress |
| countryCode | string | Output field countryCode |
| abuseConfidenceScore | number | Unique identifier |
| lastReportedAt | string | Output field lastReportedAt |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 19:59:10 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "5",
      "X-RateLimit-Remaining": "3",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=npfmcp%2fij6b...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a1c219de6a25f1-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "meta": {},
      "data": []
    }
  }
]
```

### Bulk IP Reporting

Submit multiple IP addresses to AbuseIPDB for bulk reporting of abusive behavior or activity.

- Endpoint URL: `api/v2/bulk-report`
- Method: POST

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| file | object | Optional | Parameter for Bulk IP Reporting |
| file | string | Optional | Parameter for Bulk IP Reporting |
| filename | string | Optional | Name of the resource |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| savedReports | number | Output field savedReports |
| invalidReports | array | Unique identifier |
| file_name | string | Name of the resource |
| file | string | Output field file |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 20:42:26 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "5",
      "X-RateLimit-Remaining": "2",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5pr4q%2byiz58...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a201793aa31186-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### IP Address Check

Queries AbuseIPDB to check an IP address for reported abusive activity, requiring the `ipAddress` parameter.

- Endpoint URL: `api/v2/check`
- Method: GET

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ipAddress | string | Required | Parameter for IP Address Check |
| maxAgeInDays | number | Optional | Parameter for IP Address Check |
| verbose | string | Optional | Parameter for IP Address Check |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| ipAddress | string | Output field ipAddress |
| isPublic | boolean | Output field isPublic |
| ipVersion | number | Output field ipVersion |
| isWhitelisted | boolean | Output field isWhitelisted |
| abuseConfidenceScore | number | Unique identifier |
| countryCode | string | Output field countryCode |
| usageType | string | Type of the resource |
| isp | string | Output field isp |
| domain | string | Output field domain |
| hostnames | array | Name of the resource |
| countryName | string | Name of the resource |
| totalReports | number | Output field totalReports |
| numDistinctUsers | number | Output field numDistinctUsers |
| lastReportedAt | string | Output field lastReportedAt |
| reports | array | Output field reports |
| reportedAt | string | Output field reportedAt |
| comment | string | Output field comment |
| categories | array | Output field categories |
| reporterId | number | Unique identifier |
| reporterCountryCode | string | Output field reporterCountryCode |
| reporterCountryName | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 19:55:44 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "1000",
      "X-RateLimit-Remaining": "999",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ezwiktgj%2bbp...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a1bd0f9d952610-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Check IP Block

Queries AbuseIPDB to check an entire network block, requiring the `network` parameter for the specified IP range.

- Endpoint URL: `api/v2/check-block`
- Method: GET

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| network | string | Required | Parameter for Check IP Block |
| maxAgeInDays | number | Optional | Parameter for Check IP Block |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| networkAddress | string | Output field networkAddress |
| netmask | string | Output field netmask |
| minAddress | string | Output field minAddress |
| maxAddress | string | Output field maxAddress |
| numPossibleHosts | number | Output field numPossibleHosts |
| addressSpaceDesc | string | Output field addressSpaceDesc |
| reportedAddress | array | Output field reportedAddress |
| ipAddress | string | Output field ipAddress |
| numReports | number | Output field numReports |
| mostRecentReport | string | Output field mostRecentReport |
| abuseConfidenceScore | number | Unique identifier |
| countryCode | object | Output field countryCode |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 19:57:03 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "100",
      "X-RateLimit-Remaining": "98",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0psrvg6duicxk...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a1bf01a83f25e5-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Clear IP Address

Removes an IP address from the AbuseIPDB blacklist, requiring only the `ipAddress` as input.

- Endpoint URL: `api/v2/clear-address`
- Method: DELETE

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ipAddress | string | Required | Parameter for Clear IP Address |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| numReportsDeleted | number | Output field numReportsDeleted |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 19:57:28 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "5",
      "X-RateLimit-Remaining": "4",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=3yfmagrdme5hm...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a1bf9a79ac278e-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### Report IP Activity

Submit a report on an IP address to AbuseIPDB with specific categories for the abusive activity detected.

- Endpoint URL: `api/v2/report`
- Method: POST

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ip | string | Required | Parameter for Report IP Activity |
| categories | string | Required | Parameter for Report IP Activity |
| comment | string | Optional | Parameter for Report IP Activity |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| ipAddress | string | Output field ipAddress |
| abuseConfidenceScore | number | Unique identifier |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 19:57:44 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "1000",
      "X-RateLimit-Remaining": "999",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=kvzued%2fnfog...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a1c000de1225f9-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

### IP Address Reports

Retrieve reports associated with a specified IP address from AbuseIPDB, requiring an `ipAddress` parameter.

- Endpoint URL: `api/v2/reports`
- Method: GET

#### Input argument name

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ipAddress | string | Required | Parameter for IP Address Reports |
| maxAgeInDays | number | Optional | Parameter for IP Address Reports |
| page | number | Optional | Parameter for IP Address Reports |
| perPage | number | Optional | Parameter for IP Address Reports |

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| total | number | Output field total |
| page | number | Output field page |
| count | number | Count value |
| perPage | number | Output field perPage |
| lastPage | number | Output field lastPage |
| nextPageUrl | string | URL endpoint for the request |
| previousPageUrl | object | URL endpoint for the request |
| results | array | Result of the operation |
| reportedAt | string | Output field reportedAt |
| comment | string | Output field comment |
| categories | array | Output field categories |
| reporterId | number | Unique identifier |
| reporterCountryCode | string | Output field reporterCountryCode |
| reporterCountryName | string | Name of the resource |

#### Example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Date": "Thu, 15 Dec 2022 19:57:55 GMT",
      "Content-Type": "application/json",
      "Transfer-Encoding": "chunked",
      "Connection": "keep-alive",
      "Cache-Control": "no-cache, private",
      "X-RateLimit-Limit": "100",
      "X-RateLimit-Remaining": "99",
      "CF-Cache-Status": "DYNAMIC",
      "Report-To": "{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=z8id6rr5ew4mw...",
      "NEL": "{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}",
      "Server": "cloudflare",
      "CF-RAY": "77a1c043cd3c2590-GIG",
      "Content-Encoding": "gzip"
    },
    "reason": "OK",
    "json_body": {
      "data": {}
    }
  }
]
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | `no-cache, private` |
| CF-Cache-Status | HTTP response header CF-Cache-Status | `DYNAMIC` |
| CF-RAY | HTTP response header CF-RAY | `77a1bf9a79ac278e-GIG` |
| Connection | HTTP response header Connection | `keep-alive` |
| Content-Encoding | HTTP response header Content-Encoding | `gzip` |
| Content-Type | The media type of the resource | `application/json` |
| Date | The date and time at which the message was originated | `Thu, 15 Dec 2022 19:57:03 GMT` |
| NEL | HTTP response header NEL | `{"success_fraction":0,"report_to":"cf-nel","max_age":604800}` |
| Report-To | HTTP response header Report-To | `{"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=0psrvg6duicxkgm%2bdanljbp6igu3a9lpjhsgfxo4kptw2glsi0f39p1s%2boo9aslz5cusjvu5v7jfdsm3gutu4%2bn3wytkf%2baxqeol29fnqwrwicdb6lhro8stso%2b%2fm0jq1mju"}],"group":"cf-nel","max_age":604800}` |
| Server | Information about the software used by the origin server | `cloudflare` |
| Transfer-Encoding | HTTP response header Transfer-Encoding | `chunked` |
| X-RateLimit-Limit | The number of requests allowed in the current rate limit window | `5` |
| X-RateLimit-Remaining | The number of requests remaining in the current rate limit window | `98` |

## Notes

- The connector uses AbuseIPDB's version 2 API.
- This connector was last tested against product version v2 API.
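The IP Address Check action returns a score, report counts and rate-limit headers, but the examples on this page carry an empty `data` object. The following is an added example, not code from Swimlane or AbuseIPDB: a triage function over one check result, which also reads the remaining quota from `X-RateLimit-Remaining`. It assumes the result keys are spelled `status_code`, `response_headers` and `json_body`; the sample record, the function names and the thresholds are constructed for illustration.

```python
from datetime import datetime

# Constructed sample of one connector result for the IP Address Check action.
# 203.0.113.7 is a documentation address; every value here is invented.
SAMPLE_RESULT = {
    "status_code": 200,
    "response_headers": {"X-RateLimit-Limit": "1000", "X-RateLimit-Remaining": "999"},
    "reason": "OK",
    "json_body": {"data": {
        "ipAddress": "203.0.113.7", "isPublic": True, "isWhitelisted": False,
        "abuseConfidenceScore": 92, "totalReports": 14, "numDistinctUsers": 6,
        "lastReportedAt": "2022-12-14T08:30:00+00:00",
    }},
}


def header(result, name, default=None):
    """Case-insensitive lookup, since header casing varies between HTTP stacks."""
    for key, value in result.get("response_headers", {}).items():
        if key.lower() == name.lower():
            return value
    return default


def triage(result, now, block_score=75, min_reporters=2, max_age_days=30):
    """Return (verdict, reason); thresholds are assumed policy values, not AbuseIPDB's."""
    if result.get("status_code") != 200:
        return "retry", f"HTTP {result.get('status_code')} {result.get('reason')}"
    data = result.get("json_body", {}).get("data") or {}
    if not data:
        return "unknown", "empty data object"
    if not data.get("isPublic", True):
        return "ignore", "private or reserved address"
    if data.get("isWhitelisted"):
        return "allow", "whitelisted by AbuseIPDB"
    last = data.get("lastReportedAt")
    age = (now - datetime.fromisoformat(last)).days if last else None
    score = data.get("abuseConfidenceScore", 0)
    if age is None or age > max_age_days:
        return "monitor", "no recent reports"
    if score >= block_score and data.get("numDistinctUsers", 0) >= min_reporters:
        return "block", f"score {score}, last reported {age} days ago"
    return "monitor", f"score {score} below policy"


def quota_left(result):
    """Remaining calls in the current rate-limit window, or None if not reported."""
    value = header(result, "X-RateLimit-Remaining")
    return int(value) if value is not None and value.isdigit() else None
```

Pass a timezone-aware `now`, because `lastReportedAt` carries a UTC offset and naive and aware datetimes cannot be subtracted.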