AbuseIPDB
The AbuseIPDB connector allows users to interact with the AbuseIPDB API, facilitating the reporting and checking of malicious IP addresses.

AbuseIPDB is a widely used platform that specializes in providing threat intelligence about IP addresses reported for malicious activity. By integrating the AbuseIPDB connector with Swimlane Turbine, users can automate the process of checking, reporting, and managing blacklisted IPs directly within their security workflows. This integration empowers cybersecurity teams to enhance their incident response capabilities, streamline IP reputation management, and contribute to a safer internet by reporting abusive IPs. The connector's actions, such as IP checks, bulk reporting, and blacklist retrieval, are essential tools for maintaining network security and compliance.

## Prerequisites

To effectively utilize the AbuseIPDB connector within Swimlane Turbine, ensure you have the following:

- API key authentication with the necessary parameters:
  - URL: the endpoint for the AbuseIPDB API
  - API key: your personal key to authenticate requests to AbuseIPDB

## Capabilities

The AbuseIPDB connector has the following capabilities:

- Check IP
- Report IP
- Report Blacklist
- Check CIDR Block

## Notes

- The connector uses AbuseIPDB's version 2 API.
- This connector was last tested against product version: v2 API.

## Configurations

### API Key Authentication

Authenticates using an API key.

#### Configuration Parameters

| Parameter | Description | Type | Required |
| --- | --- | --- | --- |
| URL | A URL to the target host | string | Required |
| Key | API key | string | Required |
| Verify SSL | Verify SSL certificate | boolean | Optional |
| HTTP Proxy | A proxy to route requests through | string | Optional |

## Actions

### IP Blacklisting

Add an IP address to the AbuseIPDB blacklist, preventing it from accessing network resources.

Endpoint URL: `api/v2/blacklist`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.confidenceMinimum | number | Optional | Parameters for the IP Blacklisting action |
| parameters.limit | number | Optional | Parameters for the IP Blacklisting action |
| parameters.plaintext | string | Optional | Parameters for the IP Blacklisting action |
| parameters.onlyCountries | string | Optional | Parameters for the IP Blacklisting action |
| parameters.exceptCountries | string | Optional | Parameters for the IP Blacklisting action |

Input example:

```json
{"parameters":{"confidenceMinimum":100,"limit":10000,"plaintext":"","onlyCountries":"us,ca","exceptCountries":""}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| meta | object | Output field meta |
| meta.generatedAt | string | Output field meta.generatedAt |
| data | array | Response data |
| data.ipAddress | string | Response data |
| data.countryCode | string | Response data |
| data.abuseConfidenceScore | number | Response data |
| data.lastReportedAt | string | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 19:59:10 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"5","X-RateLimit-Remaining":"3","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=npfmcp%2fij6b ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-RAY":"
```

### Bulk IP Reporting

Submit multiple IP addresses to AbuseIPDB for bulk reporting of abusive behavior or activity.

Endpoint URL: `api/v2/bulk-report`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| file | object | Optional | Parameter for Bulk IP Reporting |
| file.file | string | Optional | Parameter for Bulk IP Reporting |
| file.filename | string | Optional | Name of the resource |

Input example:

```json
{"file":{"file":"string","filename":"example_name"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.savedReports | number | Response data |
| data.invalidReports | array | Response data |
| data.invalidReports.file_name | string | Response data |
| data.invalidReports.file | string | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 20:42:26 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"5","X-RateLimit-Remaining":"2","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5pr4q%2byiz58 ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-RAY":"
```

### IP Address Check

Queries AbuseIPDB to check an IP address for reported abusive activity, requiring the `ipAddress` parameter.

Endpoint URL: `api/v2/check`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.ipAddress | string | Required | Parameters for the IP Address Check action |
| parameters.maxAgeInDays | number | Optional | Parameters for the IP Address Check action |
| parameters.verbose | string | Optional | Parameters for the IP Address Check action |

Input example:

```json
{"parameters":{"ipAddress":"8.8.8.8","maxAgeInDays":90,"verbose":""}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.ipAddress | string | Response data |
| data.isPublic | boolean | Response data |
| data.ipVersion | number | Response data |
| data.isWhitelisted | boolean | Response data |
| data.abuseConfidenceScore | number | Response data |
| data.countryCode | string | Response data |
| data.usageType | string | Response data |
| data.isp | string | Response data |
| data.domain | string | Response data |
| data.hostnames | array | Response data |
| data.countryName | string | Response data |
| data.totalReports | number | Response data |
| data.numDistinctUsers | number | Response data |
| data.lastReportedAt | string | Response data |
| data.reports | array | Response data |
| data.reports.reportedAt | string | Response data |
| data.reports.comment | string | Response data |
| data.reports.categories | array | Response data |
| data.reports.reporterId | number | Response data |
| data.reports.reporterCountryCode | string | Response data |
| data.reports.reporterCountryName | string | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 19:55:44 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"1000","X-RateLimit-Remaining":"999","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ezwiktgj%2bbp ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-R
```

### Check IP Block

Queries AbuseIPDB to check an entire network block, requiring the `network` parameter for the specified IP range.

Endpoint URL: `api/v2/check-block`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.network | string | Required | Parameters for the Check IP Block action |
| parameters.maxAgeInDays | number | Optional | Parameters for the Check IP Block action |

Input example:

```json
{"parameters":{"network":"127.0.0.1/24","maxAgeInDays":30}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.networkAddress | string | Response data |
| data.netmask | string | Response data |
| data.minAddress | string | Response data |
| data.maxAddress | string | Response data |
| data.numPossibleHosts | number | Response data |
| data.addressSpaceDesc | string | Response data |
| data.reportedAddress | array | Response data |
| data.reportedAddress.ipAddress | string | Response data |
| data.reportedAddress.numReports | number | Response data |
| data.reportedAddress.mostRecentReport | string | Response data |
| data.reportedAddress.abuseConfidenceScore | number | Response data |
| data.reportedAddress.countryCode | object | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 19:57:03 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"100","X-RateLimit-Remaining":"98","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0psrvg6duicxk ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-RAY
```

### Clear IP Address

Removes an IP address from the AbuseIPDB blacklist, requiring only the `ipAddress` as input.

Endpoint URL: `api/v2/clear-address`

Method: DELETE

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ipAddress | string | Optional | Parameter for Clear IP Address |

Input example:

```json
{"json_body":{"ipAddress":"8.8.8.8"}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.numReportsDeleted | number | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 19:57:28 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"5","X-RateLimit-Remaining":"4","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=3yfmagrdme5hm ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-RAY":"
```

### Report IP Activity

Submit a report on an IP address to AbuseIPDB with specific categories for the abusive activity detected.

Endpoint URL: `api/v2/report`

Method: POST

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| ip | string | Optional | Parameter for Report IP Activity |
| categories | string | Optional | Parameter for Report IP Activity |
| comment | string | Optional | Parameter for Report IP Activity |

Input example:

```json
{"json_body":{"ip":"8.8.8.8","categories":"1,2","comment":""}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.ipAddress | string | Response data |
| data.abuseConfidenceScore | number | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 19:57:44 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"1000","X-RateLimit-Remaining":"999","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=kvzued%2fnfog ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-R
```

### IP Address Reports

Retrieve reports associated with a specified IP address from AbuseIPDB, requiring an `ipAddress` parameter.

Endpoint URL: `api/v2/reports`

Method: GET

#### Input

| Input argument name | Type | Required | Description |
| --- | --- | --- | --- |
| parameters.ipAddress | string | Required | Parameters for the IP Address Reports action |
| parameters.maxAgeInDays | number | Optional | Parameters for the IP Address Reports action |
| parameters.page | number | Optional | Parameters for the IP Address Reports action |
| parameters.perPage | number | Optional | Parameters for the IP Address Reports action |

Input example:

```json
{"parameters":{"ipAddress":"8.8.8.8","maxAgeInDays":90,"page":1,"perPage":25}}
```

#### Output

| Parameter | Type | Description |
| --- | --- | --- |
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| data | object | Response data |
| data.total | number | Response data |
| data.page | number | Response data |
| data.count | number | Response data |
| data.perPage | number | Response data |
| data.lastPage | number | Response data |
| data.nextPageUrl | string | Response data |
| data.previousPageUrl | object | Response data |
| data.results | array | Response data |
| data.results.reportedAt | string | Response data |
| data.results.comment | string | Response data |
| data.results.categories | array | Response data |
| data.results.reporterId | number | Response data |
| data.results.reporterCountryCode | string | Response data |
| data.results.reporterCountryName | string | Response data |

Output example (truncated in the source):

```
{"status_code":200,"response_headers":{"Date":"Thu, 15 Dec 2022 19:57:55 GMT","Content-Type":"application/json","Transfer-Encoding":"chunked","Connection":"keep-alive","Cache-Control":"no-cache, private","X-RateLimit-Limit":"100","X-RateLimit-Remaining":"99","CF-Cache-Status":"DYNAMIC","Report-To":"{\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=z8id6rr5ew4mw ","NEL":"{\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}","Server":"cloudflare","CF-RAY
```

## Response Headers

| Header | Description | Example |
| --- | --- | --- |
| Cache-Control | Directives for caching mechanisms | `no-cache, private` |
| CF-Cache-Status | HTTP response header CF-Cache-Status | `DYNAMIC` |
| CF-RAY | HTTP response header CF-RAY | `77a1bf01a83f25e5-GIG` |
| Connection | HTTP response header Connection | `keep-alive` |
| Content-Encoding | HTTP response header Content-Encoding | `gzip` |
| Content-Type | The media type of the resource | `application/json` |
| Date | The date and time at which the message was originated | `Thu, 15 Dec 2022 19:57:44 GMT` |
| NEL | HTTP response header NEL | `{"success_fraction":0,"report_to":"cf-nel","max_age":604800}` |
| Report-To | HTTP response header Report-To | `{"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v3?s=kvzued%2fnfogienl%2fsdbuxhw3grix8cde71hz%2bhwus7zwxsu4qanjmd63aggws7%2f7yetx9q1fh%2ftapn4xm3yz1uvv4uddfaaks2hw1ywd1hxmddnc%2bavljljylss7hv0g90c4"}],"group":"cf-nel","max_age":604800}` |
| Server | Information about the software used by the origin server | `cloudflare` |
| Transfer-Encoding | HTTP response header Transfer-Encoding | `chunked` |
| X-RateLimit-Limit | The number of requests allowed in the current rate limit window | `100` |
| X-RateLimit-Remaining | The number of requests remaining in the current rate limit window | `2` |
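
The following added example shows how a playbook step could turn the IP address check output and the rate limit headers documented above into a triage verdict; it is not code from Swimlane or AbuseIPDB. The wrapper keys (`status_code`, `response_headers`, `data`), the thresholds, the helper names and the sample results are assumptions or constructed values.

```python
# Added example: triage the output of the connector's IP address check action.
# Assumed: wrapper keys status_code / response_headers / data, and thresholds
# that reflect local policy rather than any vendor default.
BLOCK_SCORE = 90    # auto-block at or above this abuseConfidenceScore
REVIEW_SCORE = 25   # send to an analyst at or above this score
MIN_REPORTERS = 2   # distinct reporters needed before auto-blocking


def header(headers, name, default=None):
    """Case-insensitive header lookup."""
    for key, value in (headers or {}).items():
        if key.lower() == name.lower():
            return value
    return default


def triage(result):
    """Return (verdict, reason) for one check-action result dict."""
    status = result.get("status_code")
    if status == 429:  # quota for this endpoint is exhausted
        return "retry", "rate limited by AbuseIPDB"
    if status != 200:
        return "error", f"unexpected HTTP status {status}"
    data = result.get("data") or {}
    if not data.get("isPublic", True):
        return "ignore", "non-public address, no reputation data"
    if data.get("isWhitelisted"):
        return "allow", "address is whitelisted by AbuseIPDB"
    score = data.get("abuseConfidenceScore", 0)
    reporters = data.get("numDistinctUsers", 0)
    if score >= BLOCK_SCORE and reporters >= MIN_REPORTERS:
        return "block", f"score {score} from {reporters} distinct reporters"
    if score >= REVIEW_SCORE:
        return "review", f"score {score} from {reporters} distinct reporter(s)"
    return "allow", f"score {score} is below the review threshold"


def quota_low(result, floor=10):
    """True when X-RateLimit-Remaining says the window is nearly used up."""
    remaining = header(result.get("response_headers"), "X-RateLimit-Remaining")
    return remaining is not None and int(remaining) < floor


# Constructed sample results (invented values, not real AbuseIPDB data).
SAMPLES = [
    {"status_code": 200, "response_headers": {"X-RateLimit-Remaining": "999"},
     "data": {"isPublic": True, "abuseConfidenceScore": 100, "numDistinctUsers": 14}},
    {"status_code": 200, "response_headers": {"x-ratelimit-remaining": "3"},
     "data": {"isPublic": True, "abuseConfidenceScore": 95, "numDistinctUsers": 1}},
    {"status_code": 429, "response_headers": {"X-RateLimit-Remaining": "0"}},
]
```

Requiring more than one distinct reporter before auto-blocking keeps a single noisy or mistaken report from driving an enforcement action.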