AbuseIPDB API is a project that crowdsources information about hackers, spammers, and other malicious activity on the internet. It collects data from many sources, and then uses that information to provide a central blacklist for systems administrators and webmasters to check against. The AbuseIPDB API allows you to both report and query reported malicious IP addresses.
For more information about the AbuseIPDB API, see the official documentation on their website. The connector facilitates automated interactions with AbuseIPDB by enabling you to use FortiSOAR(tm) playbooks. The AbuseIPDB connector comes with a collection of sample playbooks that demonstrate all supported operations, such as checking an IP address in the blacklist or reporting an IP address to AbuseIPDB. You can find these playbooks in the Automation > Playbooks section of FortiSOAR(tm).
The blacklist endpoint returns a list of reports that include the specific IP address you specify. You can filter the results with the maxAgeInDays and perPage parameters. For example, to return only reports newer than a given number of days, set the maxAgeInDays parameter to a value lower than 30.
The integration is configured by adding the AbuseIPDB component to an automation runbook and then selecting a custom script from the Integrator menu. The name of this script must start with "custom-", and the script contains the Python code that executes the integration. When an alert containing a malicious IP address is detected, the integrator script sends a request to the AbuseIPDB API to check whether the IP address is in the blacklist. If it is found, the alert triggers a new rule in your firewall that blocks that IP, based on the abuse confidence score returned by AbuseIPDB.