steampipe plugin install abuseipdbsteampipe plugin install abuseipdb

AbuseIPDB + Steampipe

AbuseIPDB allows users to report and identify IP addresses that have been associated with malicious activity online.

Steampipe is an open source CLI to instantly query cloud APIs using SQL.

Query IP address base data from AbuseIPDB:

select
  ip_address,
  abuse_confidence_score,
  last_reported_at
from
  abuseipdb_check_ip
where
  ip_address = '76.76.21.21'

+-------------+------------------------+---------------------+
| ip_address  | abuse_confidence_score | last_reported_at    |
+-------------+------------------------+---------------------+
| 76.76.21.21 | 73                     | 2021-07-10 15:01:31 |
+-------------+------------------------+---------------------+

Documentation

Table definitions & examples →

Get started

Install

Download and install the latest AbuseIPDB plugin:

steampipe plugin install abuseipdb

Configuration

Installing the latest abuseipdb plugin will create a config file (~/.steampipe/config/abuseipdb.spc) with a single connection named abuseipdb:

connection "abuseipdb" {
  plugin = "abuseipdb"
  api_key = "5a76843869c183a4ea901c79102bfa1f667f39a2ea0ba857c9a35a9885d91fbd9c4ae24d6a10999f"
}

api_key - Free API key for authenticated access.

Get involved

Open source: https://github.com/turbot/steampipe-plugin-abuseipdb
Community: Slack Channel

turbot/abuseipdb

AbuseIPDB + Steampipe

Documentation

Get started

Install

Configuration

Get involved

Steampipe

Resources

Community