AbuseIPDB


AbuseIPDB (abuseipdb.com) is a popular website used by analysts to investigate suspicious traffic.

  • provides an API for automation services to integrate with SOAR platforms
    • e.g., a SOAR runbook may include steps to send an IP from a SIEM alert to AbuseIPDB and, based on results, generate an updated IDS detection rule or firewall rule
  • can be used to identify malicious network traffic or suspicious emails by submitting an IP address to the platform’s database search tool
  • can review historical data on an IP address including:
    • reports of abuse or malicious activity
    • comments from other users
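The SOAR runbook step described above (look up an IP from a SIEM alert, then decide on a block rule), as an added example rather than code from the page or from AbuseIPDB. The endpoint, header and response field names follow AbuseIPDB's public v2 `/check` API; the sample response, score thresholds and iptables rule format are assumptions for this example.

```python
import json
from urllib.parse import urlencode

API_URL = "https://api.abuseipdb.com/api/v2/check"  # public AbuseIPDB v2 endpoint
# Score thresholds are assumptions for this example, not AbuseIPDB guidance.
BLOCK_SCORE = 80   # abuseConfidenceScore (0-100) at or above this -> block
REVIEW_SCORE = 25  # at or above this (but below BLOCK_SCORE) -> analyst review


def build_check_request(ip, api_key, max_age_days=90):
    """Return the URL and headers a runbook step hands to its HTTP client."""
    params = {"ipAddress": ip, "maxAgeInDays": max_age_days}
    return {"url": f"{API_URL}?{urlencode(params)}",
            "headers": {"Key": api_key, "Accept": "application/json"}}


def triage(response_body):
    """Map a /check response body to a SOAR verdict: block, review or allow.

    Non-public addresses are never auto-blocked: AbuseIPDB does not score
    them, so a SIEM alert carrying an internal IP is routed to review.
    """
    data = json.loads(response_body)["data"]
    ip = data["ipAddress"]
    score = data.get("abuseConfidenceScore", 0)
    if not data.get("isPublic", True):
        return {"ip": ip, "verdict": "review", "reason": "non-public address"}
    if score >= BLOCK_SCORE:
        # Rule format is an assumption: an iptables DROP for the source IP.
        return {"ip": ip, "verdict": "block", "score": score,
                "rule": f"iptables -I INPUT -s {ip} -j DROP"}
    if score >= REVIEW_SCORE or data.get("totalReports", 0) > 0:
        return {"ip": ip, "verdict": "review", "score": score}
    return {"ip": ip, "verdict": "allow", "score": score}


# Constructed sample response in the shape of the v2 /check API (not real data).
SAMPLE_RESPONSE = json.dumps({"data": {
    "ipAddress": "198.51.100.23", "isPublic": True, "abuseConfidenceScore": 100,
    "countryCode": "XX", "isp": "Example ISP", "totalReports": 42,
    "numDistinctUsers": 17, "lastReportedAt": "2024-01-01T00:00:00+00:00"}})

if __name__ == "__main__":
    print(build_check_request("198.51.100.23", "<API_KEY>")["url"])
    print(triage(SAMPLE_RESPONSE))
```

In a real runbook the `rule` string would be handed to the firewall or IDS management step rather than applied directly, so an analyst can confirm a high-confidence hit before it is enforced.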