Updated 1 month ago by TruSTAR

This document explains how to set up the AbuseIPDB premium intelligence source in the TruSTAR platform.

AbuseIPDB is a project designed to help combat the spread of hackers, spammers, and abusive activity on the internet by providing a central blacklist for IP addresses that have been associated with malicious activity online.

The integration with TruSTAR enables you to view AbuseIPDB IP addresses as TruSTAR Reports.

  • Source Type: Premium Intel
  • Update Type: Query-based
  • Time to install: 10 minutes

Observables Supported

  • IP addresses


  • A freemium or paid subscription to AbuseIPDB

TruSTAR Admin rights are required to activate this Premium Intelligence feed.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side Navigation Bar.
  3. Choose Premium Intel.
  4. Click Subscribe on the Abuse IPDB box.
  5. Enter your Abuse IPDB API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

TruSTAR Report Mapping

The information retrieved from this intelligence source is stored in the AbuseIPDB Enclave using this format.




  • Abuse IPDB - $IP
  • External ID: SHA256 Hash of “abuseipdb” + $IP
  • IP value
  • IP4 or IP6
  • Maliciousness Score: abuseConfidenceScore field from source
  • domain field from source
  • [“countryName:$VALUE”, “isp”:$VALUE]
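The following Python sketch is an added example, not TruSTAR or AbuseIPDB code. It shows how the mapping above can be reproduced locally, for instance to predict a report's External ID when correlating or deduplicating. Assumptions: the hash input is UTF-8 with no separator and hex output, the IP is hashed in canonical text form, and the output dictionary keys and tag layout are hypothetical labels.

```python
import hashlib
import ipaddress

# Constructed sample shaped like the "data" object of an AbuseIPDB v2 check
# response; the values are made up (203.0.113.0/24 is a documentation range).
SAMPLE = {
    "ipAddress": "203.0.113.7",
    "abuseConfidenceScore": 87,
    "countryName": "Exampleland",
    "isp": "Example ISP",
    "domain": "example.net",
}


def external_id(ip: str) -> str:
    """SHA256 of "abuseipdb" + $IP, per the mapping above.

    Assumptions: UTF-8 encoding, no separator, lowercase hex output.
    """
    return hashlib.sha256(("abuseipdb" + ip).encode("utf-8")).hexdigest()


def map_report(data: dict) -> dict:
    """Map one AbuseIPDB record to the report fields listed above.

    The dictionary keys are hypothetical labels, not TruSTAR API names.
    """
    # Reject anything that is not a literal IP before it reaches the hash,
    # so a malformed value cannot produce a plausible-looking External ID.
    addr = ipaddress.ip_address(data["ipAddress"])
    ip = str(addr)  # canonical text form (assumption; compresses IPv6)
    score = int(data["abuseConfidenceScore"])
    if not 0 <= score <= 100:  # AbuseIPDB confidence scores are 0-100
        raise ValueError(f"score out of range: {score}")
    return {
        "title": f"Abuse IPDB - {ip}",
        "external_id": external_id(ip),
        "ip": ip,
        "ip_type": "IP4" if addr.version == 4 else "IP6",
        "maliciousness_score": score,
        "domain": data.get("domain"),
        "tags": [f"countryName:{data.get('countryName')}",
                 f"isp:{data.get('isp')}"],
    }
```

If the External ID computed this way does not match the one shown on a report in the enclave, one of the stated assumptions (encoding, separator, or IP normalization) differs from the platform's behavior.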


Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.
