AbuseIPDB Blacklist Ip To Threat Intelligence
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
By every day reccurence, this playbook gets triggered and performs the following actions: 1. Gets list of the most reported IP addresses form the Blacklist Endpoint.
| Attribute | Value |
|---|---|
| Type | Playbook |
| Solution | AbuseIPDB |
| Source | View on GitHub |
Logic App Connectors
This playbook uses 2 Logic App connectors / built-in actions:
| Connector / Action | Type | Connections | Actions |
|---|---|---|---|
microsoftgraphsecurity |
Managed | 1 | 1 |
AbuseIPDBAPI |
Custom | 1 | 1 |
Action parameters (URLs, paths, function IDs)
microsoftgraphsecurity (Managed)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| Submit_multiple_tiIndicators | post | /beta/security/tiIndicators/submitTiIndicators |
— |
AbuseIPDBAPI (Custom)
| Action | Method | Endpoint | Other |
|---|---|---|---|
| BLACKLIST_Endpoint | get | /blacklist |
— |
Additional Documentation
📄 Source: AbuseIPDB-BlacklistIpToThreatIntelligence/readme.md
AbuseIPDB-BlacklistIpToThreatIntelligence
Summary
By every day reccurence, this playbook gets triggered and performs the following actions:
- Gets list of the most reported IP addresses form the Blacklist Endpoint.
Prerequisites
- AbuseIPDB Custom Connector has to be deployed prior to the deployment of this playbook under the same subscription.
- To use the Microsoft Graph Security connector actions, Microsoft Entra ID tenant administrator consent needs to be provided. The Microsoft Graph Security connector application ID and name for Microsoft Entra ID in is as follows for Microsoft Entra ID administrator consent:
- Application Name - MicrosoftGraphSecurityConnector
- Application ID - c4829704-0edc-4c3d-a347-7c4a67586f3c 3.To view the Threat Indicators submitted by Microsoft Graph Security connector, "Threat Intelligence Platforms" connector from "Threat Intelligence" Solution need be installed.
Deployment instructions
- To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
- Fill in the required paramteres:
- Playbook Name: Enter the playbook name here
Post-Deployment instructions
a. Authorize connections
Once deployment is complete, authorize each connection.
- Open playbook which has been deployed
- Click API connection on left side blade
- Click the AbuseIPDB connection resource
- Click edit API connection
- Click Authorize
- Sign in
- Click Save
- Repeat steps for tiIndicators connector API Connection
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊