AbuseIPDB

Details
Content
Dependencies
Version History

Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Automations

Name	Description
AbuseIPDBPopulateIndicators	Extracts IP addresses on block lists from AbuseIPDB, and Populates Indicators accordingly.

Integrations

Name	Description
AbuseIPDB	Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Automations

Name	Description
AbuseIPDBPopulateIndicators	Extracts IP addresses on block lists from AbuseIPDB, and Populates Indicators accordingly.

Integrations

Name	Description
AbuseIPDB	Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.

Required Content Packs (1)

Pack Name	Pack By
Base	By: Cortex XSOAR

Optional Content Packs (0)

Pack Name	Pack By

All level dependencies (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Aggregated Scripts	By: Cortex XSOAR

1.1.0 - 7405158 (March 2, 2026)

Integrations

Added support for the Abuse.ch Hunting API URL parameter.
Added support for the Abuse.ch Hunting API Key parameter.
Added support for the abuseipdb-get-fplist command that returns a false positive list (fpl) from the abuse.ch file. The list contains indicators (ips and domains) that have been removed from their blocklists.

Related pull requests:
- 43315

Download

1.0.40 - 7175321 (February 16, 2026)

Integrations

AbuseIPDB

Fixed an issue with the handling of proxy configuration.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43130

Download

1.0.39 - 6025169 (November 26, 2025)

Integrations

AbuseIPDB

Updated the integrationReliability parameter to optional instead of required.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 42021

Download

1.0.38 - 5717993 (November 3, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41760

Download

1.0.37 - 5636304 (October 29, 2025)

Changes are not relevant for XSOAR marketplace.

Related pull requests:
- 41629

Download

1.0.36 - 4492991 (August 11, 2025)

Integrations

AbuseIPDB

Fixed an issue where the default value for the days argument in the ip command incorrectly overrode the default value of the days parameter.
Updated the Docker image to: demisto/python3:3.12.11.4417419.

Related pull requests:
- 40843

Download

1.0.35 - 3849419 (June 18, 2025)

Integrations

AbuseIPDB

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

1.0.34 - 3526238 (May 25, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.0.33 - R3318350 (May 6, 2025)

Integrations

AbuseIPDB

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

1.0.32 - R2988287 (March 26, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

1.1.0 - 7405158 (March 2, 2026)

Integrations

AbuseIPDB

Added support for the Abuse.ch Hunting API URL parameter.
Added support for the Abuse.ch Hunting API Key parameter.
Added support for the abuseipdb-get-fplist command that returns a false positive list (fpl) from the abuse.ch file. The list contains indicators (ips and domains) that have been removed from their blocklists.

Related pull requests:
- 43315

Download

1.0.40 - 7178553 (February 16, 2026)

Integrations

AbuseIPDB

Fixed an issue with the handling of proxy configuration.
Updated the Docker image to: demisto/python3:3.12.12.7090913.

Related pull requests:
- 43130

Download

1.0.39 - 6025169 (November 26, 2025)

Integrations

AbuseIPDB

Updated the integrationReliability parameter to optional instead of required.
Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 42021

Download

1.0.38 - 5717993 (November 3, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.12.12.5490952.

Related pull requests:
- 41760

Download

1.0.37 - 5636304 (October 29, 2025)

Changes are not relevant for XSIAM marketplace.

Related pull requests:
- 41629

Download

1.0.36 - 4492991 (August 11, 2025)

Integrations

AbuseIPDB

Fixed an issue where the default value for the days argument in the ip command incorrectly overrode the default value of the days parameter.
Updated the Docker image to: demisto/python3:3.12.11.4417419.

Related pull requests:
- 40843

Download

1.0.35 - 3849419 (June 18, 2025)

Integrations

AbuseIPDB

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 40221

Download

1.0.34 - 3526238 (May 25, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.12.8.3296088.

Related pull requests:
- 39931

Download

1.0.33 - R3324525 (May 6, 2025)

Integrations

AbuseIPDB

Metadata and documentation improvements.

Related pull requests:
- 39217

Download

1.0.32 - R2988287 (March 26, 2025)

Scripts

AbuseIPDBPopulateIndicators

Updated the Docker image to: demisto/python3:3.11.10.115186.

Related pull requests:
- 37147
- 37137
- 37136
- 37140
- 37138
- 37139

Download

PUBLISHER

PLATFORMS

Cortex XSOARCortex XSIAM

INFO

Certification	Certified	Read more
Supported By	Cortex
Created	November 9, 2020
Last Release	March 2, 2026

WORKS WITH THE FOLLOWING INTEGRATIONS:

DISCLAIMER

Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise.