turbot/abuseipdb

steampipe plugin install abuseipdbsteampipe plugin install abuseipdb

AbuseIPDB + Steampipe

AbuseIPDB allows users to report and identify IP addresses that have been associated with malicious activity online.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Query IP address base data from AbuseIPDB:

select
ip_address,
abuse_confidence_score,
last_reported_at
from
abuseipdb_check_ip
where
ip_address = '76.76.21.21'
+-------------+------------------------+---------------------+
| ip_address | abuse_confidence_score | last_reported_at |
+-------------+------------------------+---------------------+
| 76.76.21.21 | 73 | 2021-07-10 15:01:31 |
+-------------+------------------------+---------------------+

Documentation

Get started

Install

Download and install the latest AbuseIPDB plugin:

steampipe plugin install abuseipdb

Configuration

Installing the latest abuseipdb plugin will create a config file (~/.steampipe/config/abuseipdb.spc) with a single connection named abuseipdb:

connection "abuseipdb" {
plugin = "abuseipdb"
api_key = "5a76843869c183a4ea901c79102bfa1f667f39a2ea0ba857c9a35a9885d91fbd9c4ae24d6a10999f"
}
  • api_key - Free API key for authenticated access.

Get involved