Table: abuseipdb_check_cidr - Query AbuseIPDB CIDR Reports using SQL
AbuseIPDB is a service that allows users to report and check IP addresses that have been involved in malicious activities like hacking attempts, spamming, and brute force attacks. It offers a comprehensive database of internet protocol addresses that have been reported as abusive. It helps in identifying potential security threats and aids in taking appropriate preventative measures.
Table Usage Guide
The abuseipdb_check_cidr table provides insights into CIDR reports within AbuseIPDB. As a security analyst, explore CIDR-specific details through this table, including the number of reports, abuse confidence score, and associated metadata. Utilize it to uncover information about potential security threats, such as the most reported IP addresses, the nature of the reported abuse, and the geographical location of the reported IPs.
Examples
List information about IPs in a CIDR range
Identify instances where specific IP addresses within a certain range have been reported for abuse. This can help in assessing potential security threats and taking necessary preventive actions.
select
  ip_address,
  abuse_confidence_score,
  num_reports,
  last_reported_at
from
  abuseipdb_check_cidr
where
  cidr = '76.76.21.20/30';
Error: SQLite does not support CIDR operations.
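The following query is an added example, not part of the plugin's own documentation. It combines the two columns the schema lists with the = operator (cidr and max_age_in_days) with ordinary filters on the result columns to produce a triage list for a range. The 30-day window, the score thresholds of 90 and 50, and the triage labels are constructed values for illustration; the CIDR is the one used in the example above.

```sql
-- Added example: window, thresholds and labels are constructed values.
select
  ip_address,
  country_code,
  abuse_confidence_score,
  num_reports,
  last_reported_at,
  case
    when abuse_confidence_score >= 90 then 'block'
    when abuse_confidence_score >= 50 then 'review'
    else 'monitor'
  end as triage
from
  abuseipdb_check_cidr
where
  -- Columns the schema lists with the = operator.
  cidr = '76.76.21.20/30'
  and max_age_in_days = 30
  -- Ordinary filter on a result column: skip addresses with no reports.
  and num_reports > 0
order by
  abuse_confidence_score desc,
  last_reported_at desc;
```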
Schema for abuseipdb_check_cidr
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
abuse_confidence_score | bigint | | Abuse confidence score for the IP. |
cidr | cidr | = | CIDR range to check. |
country_code | text | | Country code where the IP is located. |
ip_address | inet | | IP address. |
last_reported_at | timestamp with time zone | | Time of the last report for this IP. |
max_age_in_days | bigint | = | Max age in days of the report data. |
num_reports | bigint | | Number of reports for this IP address. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- abuseipdb
You can pass the configuration to the command with the --config argument:
steampipe_export_abuseipdb --config '<your_config>' abuseipdb_check_cidr