The "AbuseIPDB IPv4 Address Enrichment with Cache" workflow template provides an automated process for threat intelligence enrichment. The workflow takes an IPv4 address as input, checks for existing enrichment data in a cache, and if not present, queries AbuseIPDB to gather intelligence such as the Abuse Confidence Score. Results are cached for future efficiency, streamlining the response strategy during identification and analysis of potential threats.
Use Cases
Threat Intelligence Enrichment
Workflow Breakdown
Provide an IPv4 address and integration information to the nested workflow
Check whether the address has already been enriched and is in the cache; if it is found, return the cached results.
Query AbuseIPDB for the IPv4 address
Return the results to the parent workflow
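The steps above follow a cache-aside pattern. The sketch below is an added example, not part of the Torq template: `TTLCache`, `enrich_ipv4`, the one-hour expiry and the `maxAgeInDays` value of 90 are assumptions chosen for illustration, while `query_abuseipdb` calls AbuseIPDB's v2 `check` endpoint and needs network access and an API key.

```python
import ipaddress
import json
import time
import urllib.parse
import urllib.request

API_URL = "https://api.abuseipdb.com/api/v2/check"


def query_abuseipdb(ip, api_key, max_age_days=90):
    """Live lookup (needs network access and an AbuseIPDB API key)."""
    qs = urllib.parse.urlencode({"ipAddress": ip, "maxAgeInDays": max_age_days})
    req = urllib.request.Request(
        f"{API_URL}?{qs}", headers={"Key": api_key, "Accept": "application/json"}
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["data"]


class TTLCache:
    """In-memory stand-in for the workflow's cache (assumed); entries expire after ttl seconds."""

    def __init__(self, ttl=3600, clock=time.time):
        self.ttl, self.clock, self._items = ttl, clock, {}

    def get(self, key):
        hit = self._items.get(key)
        if hit is None or self.clock() - hit[0] >= self.ttl:
            self._items.pop(key, None)  # drop stale intelligence
            return None
        return hit[1]

    def put(self, key, value):
        self._items[key] = (self.clock(), value)


def enrich_ipv4(ip, cache, fetch):
    """Return (source, data); source is 'cache' or 'abuseipdb'."""
    # Reject anything that is not a valid IPv4 address before using API quota.
    key = str(ipaddress.IPv4Address(ip.strip()))
    cached = cache.get(key)
    if cached is not None:
        return "cache", cached
    data = fetch(key)  # raises on failure, so errors are never cached
    cache.put(key, data)
    return "abuseipdb", data
```

For a live lookup, pass `lambda ip: query_abuseipdb(ip, api_key)` as `fetch`; the Abuse Confidence Score is the `abuseConfidenceScore` field of the returned data.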
Vendors
Utils, AbuseIPDB, Torq
Workflow Output
Analysis information from AbuseIPDB for the IPv4 Address