AbuseIPDB Threat Service¶
Download AbuseIPDB Threat Service¶ on App Exchange
This Custom Threat Service (CTS) pulls data from AbuseIPDB (www.abuseipdb.com) and checks if an IP artifact is blacklisted. This CTS needs an AbuseIPDB account and an v2 api key to work.
Revision History¶
v2.0.1 - minor bug fix
v2.0.0 - support for abuseipdb v2 api
v1.0.0 - initial implementation
Environment¶
This package requires that it is installed on your integration server and that the resilient-circuits application is running.
Unzip the package from the App Exchange and install the .tar.gz file:
$ unzip rc-cts-abuseipdb-<version>.zip
$ pip install rc-cts-abuseipdb-<version>.tar.gz
To set the config values in the app.config file run resilient-circuits config -u
.
Config values example:
[abuseipdb_cts]
abuseipdb_url=https://api.abuseipdb.com/api/v2/check
abuseipdb_key=[your api key from your AbuseIPDB account]
ignore_white_listed=True
Run with: resilient-circuits run
.
Upgrade Instructions¶
Uninstall the previous pip package and install the new new package.
When upgrading from v1.0.0, change your app.config abuseipdb_url
key to reference the v2 api URL:
abuseipdb_url=https://api.abuseipdb.com/api/v2/check
Setup¶
Install the threat service:
sudo resutil threatserviceedit -name "AbuseIPDB" -resturl <resilient_circuits_url>/cts/abuseipdb_threat_feed
To test the connection:
sudo resutil threatservicetest -name "AbuseIPDB"
To delete:
sudo resutil threatservicedel -name "AbuseIPDB"