Skip to main content

Cyware Threat Intelligence eXchange

AbuseIPDB

Connector Category: Enrichment Tool

About Integration

AbuseIPDB is a cybersecurity tool that operates as a community-based IP denylist database. It specializes in documenting and blocking malicious and suspicious IP addresses that pose potential threats. Intel Exchange integrates with AbuseIPDB to enrich IP addresses to provide you insights into their safety, reputation, and potential security risks.

Configure AbuseIPDB as an Enrichment Tool

You can configure AbsueIPDB to enrich IP addresses.

Before you Start 

  • Ensure that you have view, create, and update permissions for Enrichment Management in Intel Exchange.

  • Ensure that you have the base URL and API key of your AbuseIPDB account.

    Note

    Ensure that the API key includes the permissions to retrieve details of IP addresses.

Steps 

To configure AbuseIPDB as an enrichment tool in Intel Exchange, follow these steps:

  1. Sign in to Intel Exchange, and go to Administration > Enrichment Management > Enrichment Tools.

  2. Search and select the AbuseIPDB enrichment tool.

  3. Click Add Account and enter the following details:

    • Account Name: Enter a unique account name to identify the instance. For example, abuseipdb.

    • Base URL: Enter the base URL of your AbuseIPDB instance. The default base URL is https://api.abuseipdb.com/api/v2/check.

    • API Key: Enter the API key of your AbuseIPDB account to authenticate communication between Intel Exchange and AbuseIPDB servers.

    • Verify SSL: Select to verify the SSL certificate and secure the connection between Intel Exchange and AbuseIPDB servers. By default, Verify SSL is selected.

      Note

      We recommend you enable Verify SSL. If you disable this option, Intel Exchange may configure an instance for an expired SSL certificate. This may not establish the connection properly and Intel Exchange will not be able to notify you in case of a broken or improper connection.

  4. Click Save.

After successfully adding an account, you can view and enable the IP feed enrichment type of AbuseIPDB. You can also configure quota to define a limit to the number of enrichment requests Intel Exchange makes to AbuseIPDB. After the quota expires, you cannot make enrichment requests until the quota resets for the next quota duration. For more information, see Define Quota in Configure Enrichment Tools.

To understand the number of API calls and quota units consumed by the AbuseIPDB enrichment tool per polling, refer to the following table.

Enrichment Tool

Feed Enrichment Type

Number of API calls

Quota Consumed

AbuseIPDB

Retrieve IP Detail

1

1

You can configure an enrichment policy to automatically enrich threat data objects using the AbuseIPDB enrichment tool. For more information, see Configure Enrichment Policy.Configure Enrichment Policy