AbuseIPDB

Updated 1 month ago by TruSTAR

This document explains how to set up the AbuseIPDB premium intelligence source in the TruSTAR platform.

AbuseIPDB is a project designed to help combat the spread of hackers, spammers, and abusive activity on the internet by providing a central blacklist for IP addresses that have been associated with malicious activity online.

The integration with TruSTAR enables you to view AbuseIPDB IP addresses as TruSTAR Reports.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to install: 10 minutes

Observables Supported

  • IP addresses

Requirements

  • A freemium or paid subscription to AbuseIPDB
  • TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side Navigation Bar.
  3. Choose Premium Intel.
  4. Click Subscribe on the Abuse IPDB box.
  5. Enter your Abuse IPDB API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the AbuseIPDB Enclave using this format.

| Field | Description |
|---|---|
| Title | Abuse IPDB - $IP |
| Content | List<Indicator> |
| External ID | SHA256 Hash of "abuseipdb" + $IP |
| Value | IP value |
| Type | IP4 or IP6 |
| Maliciousness Score | abuseConfidenceScore field from source |
| relatedObservables | domain field from source |
| tags | ["countryName:$VALUE", "isp":$VALUE] |
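The mapping above, worked through on a constructed AbuseIPDB lookup result, as an added example that is not TruSTAR's own code. The output key names, the UTF-8 encoding and lowercase hex digest of the External ID, hashing the IP in its canonical text form, and the `name:value` tag layout are assumptions; the page only states which source field feeds which report field.

```python
import hashlib
import ipaddress

# Constructed sample of an AbuseIPDB lookup result (documentation-range
# address, made-up values); only the fields the mapping uses are shown.
SAMPLE = {
    "ipAddress": "203.0.113.7",
    "abuseConfidenceScore": 87,
    "countryName": "Exampleland",
    "isp": "Example Networks",
    "domain": "example.net",
}


def external_id(ip: str) -> str:
    """SHA256 of "abuseipdb" + $IP.

    Assumption: plain concatenation, UTF-8 bytes, lowercase hex digest.
    """
    return hashlib.sha256(("abuseipdb" + ip).encode("utf-8")).hexdigest()


def to_report(data: dict) -> dict:
    """Build the report fields from the mapping table for one lookup result."""
    # ip_address() raises ValueError for anything that is not a valid IP,
    # so malformed source data never reaches the report.
    addr = ipaddress.ip_address(data["ipAddress"])
    ip = str(addr)  # assumption: canonical text form, keeps the hash stable
    score = int(data["abuseConfidenceScore"])
    if not 0 <= score <= 100:  # AbuseIPDB confidence is a percentage
        raise ValueError(f"abuseConfidenceScore out of range: {score}")
    indicator = {
        "value": ip,
        "type": "IP4" if addr.version == 4 else "IP6",
        "maliciousnessScore": score,
        "relatedObservables": [data["domain"]] if data.get("domain") else [],
        # Assumed tag layout: "countryName:<value>" and "isp:<value>".
        "tags": [f"{k}:{data[k]}" for k in ("countryName", "isp") if data.get(k)],
    }
    return {
        "title": f"Abuse IPDB - {ip}",
        "content": [indicator],
        "externalId": external_id(ip),
    }
```

Because the External ID depends only on the IP, recomputing it for an address gives a stable key for finding or de-duplicating that address's report, provided the assumptions about the hash input hold for your enclave.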

 

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.
