turbot/abuseipdb

steampipe plugin install abuseipdbsteampipe plugin install abuseipdb

Table: abuseipdb_check_ip

Query the abuse confidence score and other information about an IP address.

Examples

Get information about an IP

select
ip_address,
abuse_confidence_score,
last_reported_at
from
abuseipdb_check_ip
where
ip_address = '76.76.21.21'

List all reports for a given IP over the last year

select
report ->> 'reportedAt' as reported_at,
report ->> 'comment' as comment,
report ->> 'categories' as categories
from
abuseipdb_check_ip,
jsonb_array_elements(reports) as report
where
ip_address = '76.76.21.21'
and max_age_in_days = 365

Top categories for reports against this IP in the last year

select
category_id.value as category,
c.title,
count(*)
from
abuseipdb_check_ip as ch,
jsonb_array_elements(ch.reports) as report,
jsonb_array_elements(report->'categories') as category_id,
abuseipdb_category as c
where
ip_address = '76.76.21.21'
and max_age_in_days = 365
and c.id = category_id.value::int
group by
category_id.value,
c.title
order by
count desc

.inspect abuseipdb_check_ip

List all checks for a given IP address.

NameTypeDescription
abuse_confidence_scorebigintAbuse confidence score.
country_codetextCountry code where the IP server is located.
domaintextDomain name found at the IP.
ip_addressinetIP address to check.
ip_versionbigintIP address version.
is_publicbooleanTrue if the IP address is public.
is_whitelistedbooleanTrue if the IP address has been whitelisted.
isptextISP hosting the IP.
last_reported_attimestamp without time zoneLast time when the IP was reported.
max_age_in_daysbigintMax age in days of the report data.
num_distinct_usersbigintNumber of users reporting the IP.
reportsjsonbReport details.
total_reportsbigintTotal number of reports for this IP.
usage_typetextUsage type, e.g. Commercial.