How to Integrate With Abuse IP DB API


Abuse IP DB is a project that helps systems administrators, webmasters and security analysts monitor hackers, spammers, and other malicious activity on the Internet. Its free API allows you to check an IP address's reputation and report it to the community for blacklisting. Integrating with Abuse IP DB is simple. First, create a free account at the Abuse IP DB portal, then click the API tab to create a key. Copy and save the key, because you'll need it to set up the integration in Torq.

Exploring the Abuse IP DB API for Enhanced Security

You can test the API with a locally configured IP address. Using an IP address that is on your own network will reduce the bandwidth used for reporting to Abuse IP DB. To use the API, you need a Python script that processes the alerts and checks the IP address in Abuse IP DB. This can be done with the built-in integration steps for VirusTotal, Slack and PagerDuty, or by creating your own custom step.

The API returns a newline-separated plain-text response with information on the reported IP address, including its reputation score, list of categories and last report timestamp, if available. The maximum number of reports to return is 10,000 for standard users and unlimited for subscribers (changeable with the $limit parameter). The minimum abuse confidence score that should be included in the request can be set with the $confidenceMinimum parameter.

If you need to make more frequent queries to the Blacklist endpoint, you can change your rate limit in the Torq portal under Configuration > External Connectors. Queries to the Blacklist API that exceed your limit will generate a 429 error.
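The Python below is an added example, not code from the original post or from Abuse IP DB: it requests the blacklist with the confidence and limit parameters described above, validates each line of the newline-separated response before it can reach a block rule, and turns a 429 into a bounded back-off. The endpoint URL and the `Key`, `Accept` and `Retry-After` header names are assumed from Abuse IP DB's public APIv2 documentation; `NEVER_BLOCK`, `SAMPLE_BODY` and the function names are illustrative.

```python
import ipaddress
import urllib.error
import urllib.parse
import urllib.request

# Assumed from AbuseIPDB's public APIv2 docs; the page itself gives no URL.
BLACKLIST_URL = "https://api.abuseipdb.com/api/v2/blacklist"
# Constructed sample body (documentation-range addresses, not real reputation data).
SAMPLE_BODY = "192.0.2.10\n203.0.113.5\n\n192.0.2.10\nnot-an-ip\n10.1.2.3\n198.51.100.7\n"
# Ranges that must never reach a block rule; 198.51.100.0/24 stands in for "our own egress".
NEVER_BLOCK = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "198.51.100.0/24")


def parse_blacklist(body, never_block=NEVER_BLOCK):
    """Return validated, de-duplicated IPs from a newline-separated body."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    seen, result = set(), []
    for line in body.splitlines():
        try:
            ip = ipaddress.ip_address(line.strip())
        except ValueError:
            continue  # blank or malformed line: never pass it to a firewall rule
        if ip in seen or any(ip in net for net in protected):
            continue  # duplicate, or an address inside a protected range
        seen.add(ip)
        result.append(str(ip))
    return result


def retry_delay(headers, default=60, ceiling=3600):
    """Seconds to wait after a 429, from Retry-After, clamped to [1, ceiling]."""
    try:
        wait = int(headers.get("Retry-After", default))
    except (TypeError, ValueError):
        wait = default  # header missing or not a plain number of seconds
    return max(1, min(wait, ceiling))


def fetch_blacklist(api_key, confidence_minimum=90, limit=10000, timeout=10):
    """Fetch the blacklist; return (ips, None) or ([], seconds_to_wait) on a 429."""
    query = urllib.parse.urlencode({"confidenceMinimum": confidence_minimum, "limit": limit})
    req = urllib.request.Request(f"{BLACKLIST_URL}?{query}", headers={"Key": api_key, "Accept": "text/plain"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_blacklist(resp.read().decode("utf-8", "replace")), None
    except urllib.error.HTTPError as err:
        if err.code == 429:  # over the rate limit: tell the caller how long to back off
            return [], retry_delay(err.headers)
        raise
```

Pass the API key in from a secret store or environment variable rather than embedding it in the script.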
