Configure Abuse IPDB Integration in CSAP
Administrators can configure Abuse IPDB in CSAP to enrich IP address information from Abuse IPDB. The analysts can enrich any indicator details while creating alerts in CSAP Analyst Portal.
Before you Start
You need to have the View and Create/Update permissions to access the features in the Integrations module.
You must have handy the secret key and endpoint URL of your Abuse IPDB account.
Use the following procedure to configure Abuse IPDB integration in CSAP. While creating alerts, analysts can use Abuse IPDB to enrich any IP addresses included in the alerts. CSAP will fetch information for the IP address from Abuse IP DB and display the results.
Steps
Navigate to Management > Integrations.
Select Abuse IPDB under Third Party Integrations and click Edit.
Enter the Secret Key and Endpoint URL of your Abuse IPDB account.
In Check for IP reports in the last n days, enter the number of days that you want to check for IP reports from Abuse IPDB.
In Validity of the data stored in db (days), enter the number of days that CSAP will look for information for an IP address first in the CSAP database, instead of checking in the Abuse IPDB database.
Click Save to save your changes.