ThreatIntel

Checks whether an IP has been reported to Abuse DB as a blacklisted IP.


Last updated 4 years ago

Inputs

Input Field

Outputs

  • Raw Output

Reported IPs (Object)

{
    "221.130.59.248": {
        "ipAddress": "221.130.59.248",
        "isPublic": true,
        "ipVersion": 4,
        "isWhitelisted": false,
        "abuseConfidenceScore": 100,
        "countryCode": "CN",
        "usageType": null,
        "isp": "China Mobile Communications Corporation",
        "domain": "chinamobileltd.com",
        "hostnames": [],
        "totalReports": 318,
        "numDistinctUsers": 124,
        "lastReportedAt": "2020-09-24T07:13:07+00:00"
    },
    "221.130.59.249": {}
}

Reported IPs (Array of IPs)

Returns an array of all reported IPs

["221.130.59.248", "221.130.59.249"]

All IPs Results (Object)

Returns all IPs with their details.

{
    "221.130.59.248": {
        "ipAddress": "221.130.59.248",
        "isPublic": true,
        "ipVersion": 4,
        "isWhitelisted": false,
        "abuseConfidenceScore": 100,
        "countryCode": "CN",
        "usageType": null,
        "isp": "China Mobile Communications Corporation",
        "domain": "chinamobileltd.com",
        "hostnames": [],
        "totalReports": 318,
        "numDistinctUsers": 124,
        "lastReportedAt": "2020-09-24T07:13:07+00:00"
    },
    "221.130.59.249": {}
}

Total Reports

A summary of all "totalReports" per reported IP.

Results (HR)

IP Address: 38.123.140.51
Abuse Confidence Score: 0
Country Code: US
ISP: PSINet Inc.
Domain: cogentco.com
Hostnames: 
Total Reports: 0
Distinct Users: 0
Last Reported At: null

IP Address: 38.123.140.52
Abuse Confidence Score: 0
Country Code: US
ISP: PSINet Inc.
Domain: cogentco.com
Hostnames: 
Total Reports: 1
Distinct Users: 0
Last Reported At: null
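
The following is an added example, not part of the IRP Playbooks documentation or the component's own code. It shows how a downstream step could triage the "All IPs Results (Object)" shape shown above. The function name `triage`, the score threshold of 75, and the treatment of an empty object as "no data returned" are assumptions, and the sample input is constructed from the values on this page.

```python
import json
from datetime import datetime

# Constructed sample in the "All IPs Results (Object)" shape documented above.
SAMPLE = json.loads("""
{
  "221.130.59.248": {"ipAddress": "221.130.59.248", "isWhitelisted": false,
                     "abuseConfidenceScore": 100, "countryCode": "CN",
                     "totalReports": 318, "numDistinctUsers": 124,
                     "lastReportedAt": "2020-09-24T07:13:07+00:00"},
  "221.130.59.249": {},
  "38.123.140.52":  {"ipAddress": "38.123.140.52", "isWhitelisted": false,
                     "abuseConfidenceScore": 0, "countryCode": "US",
                     "totalReports": 1, "numDistinctUsers": 0,
                     "lastReportedAt": null}
}
""")


def triage(results, min_score=75):
    """Split IPs into flagged / clean / no_data and total their reports.

    min_score is a hypothetical cut-off chosen for this example.
    """
    out = {"flagged": [], "clean": [], "no_data": [],
           "total_reports": 0, "latest_report": None}
    for ip, rec in results.items():
        if not rec:  # assumption: an empty object means no data came back
            out["no_data"].append(ip)
            continue
        out["total_reports"] += rec.get("totalReports") or 0
        seen = rec.get("lastReportedAt")
        if seen:  # the field is null for IPs without a report timestamp
            ts = datetime.fromisoformat(seen)
            if out["latest_report"] is None or ts > out["latest_report"]:
                out["latest_report"] = ts
        score = rec.get("abuseConfidenceScore") or 0
        if score >= min_score and not rec.get("isWhitelisted"):
            out["flagged"].append(ip)
        else:
            out["clean"].append(ip)
    return out


if __name__ == "__main__":
    summary = triage(SAMPLE)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Keeping the `no_data` bucket separate from `clean` prevents an IP with an empty result from being read as a negative finding.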

The input field accepts an IP or an array of IPs.