Integration Details

ThreatQuotient provides the following details for this integration:

Current Integration Version	1.0.3
Compatible with ThreatQ Versions	>= 4.20.0
Support Tier	ThreatQ Supported

Introduction

The ThreatQuotient for AbuseIPDB Operation enables a ThreatQ user to query AbuseIPDB for enrichment metadata.

The operation provides the following action:

• Check - queries AbuseIPDB for any IP Address hits.

The operation is compatible with IP Address Indicator types.

Installation

Configuration

ThreatQuotient does not issue API keys for third-party vendors. Contact the specific vendor to obtain API keys and other integration-related credentials.

To configure the integration:

1. Navigate to your integrations management page in ThreatQ.
2. Select the Operation option from the Type dropdown (optional).
3. Click on the integration entry to open its details page.
4. Enter the following parameters under the Configuration tab:

   Parameter	Description
   Hostname	The Hostname or IP Address of AbuseIPDB API.
   API Key	Your AbuseIPDB API Key.
   Show AbuseIPDB Reports in Output	Show user reports of abusive activity in the output.  This allows you to decide if they want to see all the user reports from AbuseIPDB.

5. Review any additional settings, make any changes if needed, and click on Save.
6. Click on the toggle switch, located above the Additional Information section, to enable it.

Actions

The operation provides the following action:

Action	Description	Object Type	Object Subtype
Check	Queries AbuseIPDB for any IP Address hits.	Indicator	IP Address

Example Output

Change Log

• Version 1.0.3
  • Fixed a timeout error.  
• Version 1.0.2
  • Added the hostname as a user specified parameters with a default value.
  • Added a checkbox for the user to bring in reports as attributes in the UI instead of always showing them as default.
  • Modified the operation to make it compatible with the auto-enrichment framework. 
• Version 1.0.0
  • Initial release