turbot/abuseipdb
steampipe plugin install abuseipdb

Table: abuseipdb_check_cidr - Query AbuseIPDB CIDR Reports using SQL

AbuseIPDB is a service that allows users to report and check IP addresses that have been involved in malicious activities like hacking attempts, spamming, and brute force attacks. It offers a comprehensive database of internet protocol addresses that have been reported as abusive. It helps in identifying potential security threats and aids in taking appropriate preventative measures.

Table Usage Guide

The abuseipdb_check_cidr table provides insights into CIDR reports within AbuseIPDB. As a security analyst, explore CIDR-specific details through this table, including the number of reports, abuse confidence score, and associated metadata. Utilize it to uncover information about potential security threats, such as the most reported IP addresses, the nature of the reported abuse, and the geographical location of the reported IPs.

Examples

List information about IPs in a CIDR range

Identify instances where specific IP addresses within a certain range have been reported for abuse. This can help in assessing potential security threats and taking necessary preventive actions.

  select
    ip_address,
    abuse_confidence_score,
    num_reports,
    last_reported_at
  from
    abuseipdb_check_cidr
  where
    cidr = '76.76.21.20/30';

Error: SQLite does not support CIDR operations.
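
A triage variant of the query above, added here as an example and not taken from the plugin's documentation. It uses only columns and operators listed in the table schema. The 30-day window, the score cut-offs, and the triage labels are assumptions to adjust locally.

```sql
-- Added example, not the plugin's own query.
-- Assumed values: 30-day window, 75/25 score cut-offs, triage label names.
with reported as (
  select
    ip_address,
    country_code,
    abuse_confidence_score,
    num_reports,
    last_reported_at
  from
    abuseipdb_check_cidr
  where
    cidr = '76.76.21.20/30'      -- sample range from the query above
    and max_age_in_days = 30     -- limit report data to the last 30 days
)
select
  ip_address,
  country_code,
  abuse_confidence_score,
  num_reports,
  last_reported_at,
  case
    when abuse_confidence_score >= 75 then 'block'
    when abuse_confidence_score >= 25 then 'review'
    else 'monitor'
  end as triage
from
  reported
where
  num_reports > 0                -- skip addresses with no reports in the window
order by
  abuse_confidence_score desc,
  num_reports desc,
  last_reported_at desc;
```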

Schema for abuseipdb_check_cidr

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| abuse_confidence_score | bigint | | Abuse confidence score for the IP. |
| cidr | cidr | = | CIDR range to check. |
| country_code | text | | Country code where the IP is located. |
| ip_address | inet | | IP address. |
| last_reported_at | timestamp with time zone | | Time of the last report for this IP. |
| max_age_in_days | bigint | = | Max age in days of the report data. |
| num_reports | bigint | | Number of reports for this IP address. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- abuseipdb

You can pass the configuration to the command with the --config argument:

steampipe_export_abuseipdb --config '<your_config>' abuseipdb_check_cidr