The Official AbuseIPDB App for Splunk integrates AbuseIPDB's IP threat intelligence API with Splunk, so you can perform threat analysis on IP addresses and enrich IOCs directly from a search. AbuseIPDB is the largest crowdsourced cyber threat intelligence platform, processing over one million IP abuse reports daily. The integration adds several search commands that expose the following functions:

* *Check IP Address*: Check an IP address for abuse. The result includes an "abuseConfidenceScore" (0 to 100) that represents how confident AbuseIPDB is that the IP is abusive; because the score is derived from crowdsourced reports, treat it as a triage signal rather than a verdict.
* *Check IP Block*: Check an entire subnet for abuse reports.
* *Report IP Address*: Submit your own abuse report to AbuseIPDB, based on your own evidence.
* *Download Abuse Reports*: Research an IOC by pulling in the details of abuse reports that others have filed against an IP.
* *Download Abuse Blacklist*: Download a customizable bulk list of the most actively abusive IPs known to AbuseIPDB.
* *Sync AbuseIPDB IP Blacklist to Splunk*: Set up a scheduled (cron) job in Splunk that regularly downloads an up-to-date AbuseIPDB IP Blacklist into a Splunk KV Store, so you can build automations and workflows that check for abusive IPs engaging with your network.

This app is actively under development by the AbuseIPDB team, and additional features are planned.
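The check and blacklist workflows above, as an added example written for this page (it is not the app's own code and does not use its search commands). It assumes the public AbuseIPDB v2 API shapes: `GET /api/v2/check?ipAddress=...&maxAgeInDays=...` with `Key` and `Accept: application/json` headers returning `{"data": {...}}`, and `GET /api/v2/blacklist` returning `{"meta": ..., "data": [...]}`; verify these against the current API documentation. The payloads and events below are constructed samples using RFC 5737 documentation addresses, and the internal-network filter is an explicit list so those documentation addresses are treated as "public" for the demo.

```python
"""Offline enrichment of event source IPs with AbuseIPDB-style check/blacklist data.

Illustrative code for this page, not the AbuseIPDB app's source. API shapes are
assumed from the public v2 API; all payloads below are constructed samples.
"""
import csv
import io
import ipaddress
import json
import urllib.parse
import urllib.request

API_BASE = "https://api.abuseipdb.com/api/v2"  # assumed base URL of the v2 API

# Addresses we never send to a third-party API: they get no meaningful score and
# would leak internal addressing. Explicit list (rather than ipaddress.is_global)
# so RFC 5737 documentation addresses used as sample data still pass.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]


def is_checkable(ip: str) -> bool:
    """True only for syntactically valid addresses outside INTERNAL_NETWORKS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETWORKS)


def build_check_request(ip: str, api_key: str, max_age_days: int = 90) -> urllib.request.Request:
    """Build (without sending) a GET /check request with the assumed headers and params."""
    if not is_checkable(ip):
        raise ValueError(f"refusing to look up non-public address {ip}")
    if not 1 <= max_age_days <= 365:
        raise ValueError("maxAgeInDays must be between 1 and 365")
    query = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    return urllib.request.Request(f"{API_BASE}/check?{query}",
                                  headers={"Key": api_key, "Accept": "application/json"})


def classify(check_response: dict, threshold: int = 75) -> dict:
    """Reduce a /check response to a verdict dict, keeping the evidence counts.

    abuseConfidenceScore is a crowdsourced 0-100 estimate, so the verdict is a
    triage input; totalReports and lastReportedAt are kept for the analyst.
    """
    data = check_response["data"]
    score = int(data.get("abuseConfidenceScore", 0))
    return {
        "ip": data["ipAddress"],
        "score": score,
        "abusive": score >= threshold and not data.get("isWhitelisted", False),
        "total_reports": int(data.get("totalReports", 0)),
        "last_reported_at": data.get("lastReportedAt"),
    }


def blacklist_to_lookup_csv(blacklist_response: dict, confidence_minimum: int = 90) -> str:
    """Render a /blacklist response as CSV rows suitable for a Splunk lookup or KV Store load,
    keeping only entries at or above the chosen confidence."""
    out = io.StringIO()
    writer = csv.writer(out)
    writer.writerow(["ip", "abuseConfidenceScore", "lastReportedAt"])
    for entry in blacklist_response.get("data", []):
        if int(entry["abuseConfidenceScore"]) >= confidence_minimum:
            writer.writerow([entry["ipAddress"], entry["abuseConfidenceScore"], entry["lastReportedAt"]])
    return out.getvalue()


def enrich_events(events, lookup_csv: str):
    """Join each event's src_ip against the lookup; internal/invalid IPs get no score."""
    scores = {row["ip"]: int(row["abuseConfidenceScore"])
              for row in csv.DictReader(io.StringIO(lookup_csv))}
    enriched = []
    for ev in events:
        src = ev.get("src_ip", "")
        ev = dict(ev)
        ev["abuse_score"] = scores.get(src) if is_checkable(src) else None
        enriched.append(ev)
    return enriched


# Constructed sample payloads in the assumed API shape (not real lookup results).
SAMPLE_CHECK = {"data": {"ipAddress": "203.0.113.10", "isPublic": True, "isWhitelisted": False,
                         "abuseConfidenceScore": 100, "totalReports": 42,
                         "lastReportedAt": "2024-01-01T00:00:00+00:00"}}
SAMPLE_BLACKLIST = {"meta": {"generatedAt": "2024-01-01T00:00:00+00:00"},
                    "data": [{"ipAddress": "203.0.113.10", "abuseConfidenceScore": 100,
                              "lastReportedAt": "2024-01-01T00:00:00+00:00"},
                             {"ipAddress": "198.51.100.7", "abuseConfidenceScore": 80,
                              "lastReportedAt": "2023-12-30T00:00:00+00:00"}]}
SAMPLE_EVENTS = [{"src_ip": "203.0.113.10", "action": "blocked"},
                 {"src_ip": "10.0.0.5", "action": "allowed"},
                 {"src_ip": "198.51.100.7", "action": "allowed"}]

if __name__ == "__main__":
    print(json.dumps(classify(SAMPLE_CHECK), indent=2))
    print(enrich_events(SAMPLE_EVENTS, blacklist_to_lookup_csv(SAMPLE_BLACKLIST, confidence_minimum=75)))
```

The `confidence_minimum` applied when building the lookup and the `threshold` used by `classify` are the two knobs a practitioner tunes: a high floor (90 or 100) keeps a blocklist-quality feed, while a lower one suits alerting or enrichment where a human reviews the hit.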