turbot/abuseipdb
steampipe plugin install abuseipdb

Table: abuseipdb_deny - Query AbuseIPDB Denylists using SQL

AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet. Its primary function is to provide a platform for internet service providers, network administrators, and other interested parties to share and access data about abusive IP addresses. It aids in the identification of sources of malicious activities and helps in implementing preventive measures.

Table Usage Guide

The abuseipdb_deny table provides insights into IP addresses that have been reported for abusive activities on the AbuseIPDB platform. As a network administrator or security analyst, explore details about these IP addresses through this table, including their abuse confidence score, country of origin, and associated reports. Utilize it to uncover information about potential security threats, such as those from known malicious sources, for effective threat intelligence and preventive measures.

Important Notes

  • If not specified, the default confidence_minimum is 90.
  • The free tier limit is 5 requests per day.

Examples

Basic deny list (default confidence minimum of 90)

Explore which IP addresses are considered malicious based on a default confidence score of 90 or above. This helps in enhancing your network's security by blocking potentially harmful traffic.

select
  *
from
  abuseipdb_deny;

List IPs with a confidence minimum of 95

List the IP addresses that meet a confidence minimum of 95, so you can focus on the most reliable data for your security analysis. This is particularly useful when you need to prioritize actions based on the degree of certainty in the data.

select
  *
from
  abuseipdb_deny
where
  confidence_minimum = 95;
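
Match the deny list against your own logs

An added example, not part of the plugin's documentation: it joins abuseipdb_deny to source addresses seen locally, using the ip_address, abuse_confidence_score and last_reported_at columns. The observed CTE, its addresses (documentation ranges) and hit counts are constructed stand-ins for a real log table, the 7-day window is an arbitrary choice, and the syntax assumes Steampipe's PostgreSQL engine.

```sql
-- Constructed sample: stand-in for a firewall or web access log table.
-- Replace this CTE with a query over your own log source.
with observed (src_ip, hits) as (
  values
    ('203.0.113.10'::inet, 42),
    ('198.51.100.7'::inet, 3),
    ('192.0.2.55'::inet, 117)
)
select
  o.src_ip,
  o.hits,
  d.abuse_confidence_score,
  d.last_reported_at
from
  observed as o
  -- ip_address is of type inet, so the join compares addresses, not strings.
  join abuseipdb_deny as d on d.ip_address = o.src_ip
where
  -- Raises the minimum confidence score from the default of 90.
  d.confidence_minimum = 95
  -- Keep only addresses reported recently (window chosen for illustration).
  and d.last_reported_at > now() - interval '7 days'
order by
  d.abuse_confidence_score desc,
  o.hits desc;
```

Rows returned are locally observed addresses that also appear on the deny list, ordered so that the highest-confidence and busiest sources come first.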

Schema for abuseipdb_deny

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| abuse_confidence_score | bigint | | Abuse confidence score. |
| confidence_minimum | bigint | = | Minimum confidence score. |
| ip_address | inet | | IP address to deny. |
| last_reported_at | timestamp with time zone | | Last time when the IP was reported. |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install exporters with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- abuseipdb

You can pass the configuration to the command with the --config argument:

steampipe_export_abuseipdb --config '<your_config>' abuseipdb_deny