AbuseIPDB IPv4 Address Enrichment with Cache - Workflow Template

Workflow that will take an IPv4 address as input and query AbuseIPDB for details about the address including the Abuse Confidence Score.

Updated over a month ago

This workflow template automates the process of retrieving and analyzing data for an IPv4 address from AbuseIPDB, including obtaining an Abuse Confidence Score, to support Threat Intelligence Enrichment efforts. It incorporates a caching mechanism to optimize performance by preventing redundant lookups. If a cache hit is detected, results are instantly returned; otherwise, AbuseIPDB is queried. The findings are then relayed back to the parent workflow, efficiently streamlining the identification and analysis phase of incident response.

Use Cases

Threat Intelligence Enrichment

Workflow Breakdown

  1. Provide an IPv4 address and integration information to the nested workflow

  2. Check whether the address has already been enriched and is in the cache; if found, return the cached results

  3. Query AbuseIPDB for the IPv4 address

  4. Return the results to the parent workflow
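
The four steps above follow a cache-aside pattern. The sketch below is an added example, not the template's own implementation: `EnrichmentCache`, the TTL-based expiry, and the stubbed response are assumptions made for illustration, while `query_abuseipdb` targets the AbuseIPDB API v2 `check` endpoint.

```python
import ipaddress
import json
import time
import urllib.parse
import urllib.request

API_URL = "https://api.abuseipdb.com/api/v2/check"  # AbuseIPDB API v2 "check" endpoint

def query_abuseipdb(ip, api_key, max_age_days=90):
    """Live lookup; returns the "data" object of the AbuseIPDB response."""
    qs = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    req = urllib.request.Request(
        f"{API_URL}?{qs}", headers={"Key": api_key, "Accept": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["data"]

class EnrichmentCache:
    """Cache-aside store keyed by normalized IPv4 address (TTL is an assumption)."""

    def __init__(self, fetch, ttl_seconds=3600, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl_seconds, clock
        self._entries = {}  # ip -> (expires_at, result)

    def enrich(self, raw_ip):
        # Step 1: accept only IPv4; normalizing keeps cache keys consistent.
        ip = str(ipaddress.IPv4Address(raw_ip.strip()))
        # Step 2: return the cached result on a hit that has not expired.
        hit = self._entries.get(ip)
        if hit and hit[0] > self._clock():
            return {"ip": ip, "cache_hit": True, "result": hit[1]}
        # Step 3: miss or stale entry, so query the source and store the answer.
        result = self._fetch(ip)
        self._entries[ip] = (self._clock() + self._ttl, result)
        # Step 4: hand the result back to the caller (the parent workflow).
        return {"ip": ip, "cache_hit": False, "result": result}

def demo():
    """Runs offline with a constructed stub in place of the live API call."""
    calls, now = [], [0.0]
    def stub(ip):  # constructed sample response, not real AbuseIPDB data
        calls.append(ip)
        return {"ipAddress": ip, "abuseConfidenceScore": 87}
    cache = EnrichmentCache(stub, ttl_seconds=60, clock=lambda: now[0])
    first = cache.enrich("203.0.113.7")
    second = cache.enrich(" 203.0.113.7 ")  # same key after normalization
    now[0] = 61.0  # entry is now stale
    third = cache.enrich("203.0.113.7")
    return first, second, third, len(calls)
```

To use the live API, pass `lambda ip: query_abuseipdb(ip, api_key)` as `fetch`; expiring entries keeps a stale Abuse Confidence Score from being served indefinitely.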

Vendors

Utils, AbuseIPDB, Torq

Workflow Output

Analysis information from AbuseIPDB for the IPv4 Address
