AbuseIPDB

Platform:

Cortex XSOAR

Details
Content
Dependencies
Version History

Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Automations

Name	Description
AbuseIPDBPopulateIndicators	Extracts IP addresses on block lists from AbuseIPDB, and Populates Indicators accordingly.

Integrations

Name	Description
AbuseIPDB	Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Automations

Name	Description
AbuseIPDBPopulateIndicators	Extracts IP addresses on block lists from AbuseIPDB, and Populates Indicators accordingly.

Integrations

Name	Description
AbuseIPDB	Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Pack Name	Pack By
Base	By: Cortex XSOAR

Pack Name	Pack By
Base	By: Cortex XSOAR

1.0.34 - 3526238 (May 25, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.0.33 - R3318350 (May 6, 2025)

Integrations

AbuseIPDB

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

1.0.32 - R2988287 (March 26, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

1.0.31 - 1602991 (November 6, 2024)

Integrations

AbuseIPDB

Updated the Docker image to: demisto/python3:3.11.10.113941.

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

1.0.30 - 752611 (January 9, 2024)

Integrations

AbuseIPDB

Added more outputs to the ip and abuseipdb-check-cidr-block commands. The following outputs were added:
- IP.Geo.CountryCode
- AbuseIPDB.IP.Geo.CountryCode
- AbuseIPDB.IP.Hostnames
- AbuseIPDB.IP.IpVersion
- AbuseIPDB.IP.IsPublic
- AbuseIPDB.IP.IsTor
- AbuseIPDB.IP.IsWhitelisted
- AbuseIPDB.IP.LastReportedAt
- AbuseIPDB.IP.NumDistinctUsers
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31946
- 32040

Download

1.0.34 - 3526238 (May 25, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.0.33 - R3324525 (May 6, 2025)

Integrations

AbuseIPDB

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

1.0.32 - R2988287 (March 26, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

1.0.31 - 1602991 (November 6, 2024)

Integrations

AbuseIPDB

Updated the Docker image to: demisto/python3:3.11.10.113941.

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.11.10.113941.

Related pull requests:
- 37006
- 36995
- 36994
- 36998
- 36993
- 36992
- 36997

Download

1.0.30 - 752611 (January 9, 2024)

Integrations

AbuseIPDB

Added more outputs to the ip and abuseipdb-check-cidr-block commands. The following outputs were added:
- IP.Geo.CountryCode
- AbuseIPDB.IP.Geo.CountryCode
- AbuseIPDB.IP.Hostnames
- AbuseIPDB.IP.IpVersion
- AbuseIPDB.IP.IsPublic
- AbuseIPDB.IP.IsTor
- AbuseIPDB.IP.IsWhitelisted
- AbuseIPDB.IP.LastReportedAt
- AbuseIPDB.IP.NumDistinctUsers
Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31946
- 32040

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	May 25, 2025

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.