AbuseIPDB
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
AbuseIPDB is a project managed by Marathon Studios Inc. Their mission is to help make the Web safer by providing a central repository for webmasters, system administrators, and other interested parties to report and identify IP addresses that have been associated with malicious activity online. You can use the AbuseIPDB plugin with Microsoft Copilot for Security.
Note
This article contains information about third-party plugins. This is provided to help complete integration scenarios. However, Microsoft does not provide troubleshooting support for third-party plugins. Contact the third-party vendor for support.
Know before you begin
Integration with Copilot for Security works with an API key. You'll need to take the following steps before using the plugin.
Get your AbuseIPDB API key. If you don't have one yet, follow these steps:
- Go to the AbuseIPDB website.
- Select on the Sign Up button, located at the top right corner of the page.
- Fill in the required information, such as your email address, username, and password.
- Complete any other steps for verification, if necessary.
- Once registered, sign-in to your AbuseIPDB account.
Access the API key.
- After logging in, go to the AbuseIPDB Homepage page.
- Navigate to the API tab and select on Create key.
- After clicking on Create Key a modal appears. You'll be asked to input a name; you can pick any name for your key. For example, enter "developer_key" and select the create button.
- The newly generated API key should populate on the same API tab. You need this same key-in later steps for the connector.
Sign in to Microsoft Copilot for Security.
Access Manage Plugins by selecting the Sources button from the prompt bar.
Next to AbuseIPDB, select Set up.
In the AbuseIPDB plugin settings pane, in the Value field, paste your API Key, and then select Save.
Sample AbuseIPDB prompts
After the AbuseIPDB plugin is configured, you can use the following capabilities with Copilot for Security.
The following table provides examples you can try:
| Capability | Input | Example prompts |
|---|---|---|
CheckIPAddress Accepts an IP address (v4 or v6) and provides information about the queried IP, including version, origin country, usage type, ISP, and domain. Abusive reports are included. |
Required: - ipAddress Optional: - maxAgeInDays (default 30, min 1, max 365) - verbose |
- Tell me about IP address 118.25.6.39 using AbuseIPDB database - What does the abuseipdb database say about the IP address 180.126.219.127? - I'm curious about any abuseipdb records for the IP address 180.126.219.127. Can you look that up for me for the last 10 days? |
CheckNetworkBlock This capability takes a subnet in CIDR notation (v4 or v6) and returns details about the queried network, including its netmask, possible hosts count, and address space description. URL-encode the network due to forward slashes in CIDR notation. |
Required: - network Optional: - maxAgeInDays(default 30, min 1, max 365) |
- Check the network block 1.1.1.1/24 for any reported IP addresses within the past 10 days. - I'm trying to find out if there are any reported IP addresses on the network block 1.1.1.1/24 in the past 10 days. Can you assist me with that? - Could you help me check if any IP addresses are reported on the network block 1.1.1.1/24 within the last 10 days? |
ListBlockListedIpAddressesThis capability returns a list IP addresses most reported by AbuseIPDB users with or without other filters. Entries include IP, abuse score, and last report timestamp, sorted by score and timestamp. |
Optional: - confidenceMinimum (default 100, min 25, max 100)- limit(default 10,000, min 1, restrictions)- plaintext- onlyCountries- exceptCountries- ipVersion(default 4,6 mixed) |
- List blocklisted IP addresses from AbuseIPDB - According to AbuseIPDB, are there any blocklisted IP addresses from China? |
Provide feedback
To provide feedback, contact AbuseIPDB.