How to get Abuse IP data base


ismailctest C

Sep 15, 2023, 2:51:29 AM
to Wazuh | Mailing List
Hi Team,
How to get all blacklisted IPs from any website, please share.
We need to get all reported IPs 2023 & 2023.

ismailctest C

Sep 15, 2023, 4:08:37 AM
to Wazuh | Mailing List
Hi Team,
How to get all blacklisted IPs from any website, please share.
We need to get all reported IPs 2022 & 2023.

Gonzalo Membrillo Solbes

Sep 19, 2023, 9:20:49 AM
to Wazuh | Mailing List
Hello Ismail,

Sorry for the delay. Wazuh has an integration with AbuseIPDB that can be configured to get information from this DB and contrast the source IPs that generate events against the known data from this DB. You can create rules using this information and even use active response to block connections from them once a rule is triggered. You can obtain the script, as well as how to configure Wazuh to use AbuseIPDB against IP addresses that trigger SSH events here:

I hope you find this helpful. Feel free to let us know if you need anything else.

Regards,
Gonzalo
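
The comparison step described in the reply above, as an added example that is not the Wazuh script and not part of the thread: it picks the source IP out of an alert, skips internal addresses, and merges a reputation result into an event that a custom rule could match. The names `lookup_candidate`, `enrich`, `min_score` and the output field names are hypothetical; both JSON samples are constructed and no network call is made.

```python
import ipaddress
import json

# Constructed sample: trimmed Wazuh alert for an SSH event (documentation IP).
SAMPLE_ALERT = json.loads('{"id": "1694767889.1", "rule": {"groups": ["sshd"]},'
                          ' "data": {"srcip": "203.0.113.45"}}')
# Constructed sample: body shaped like an AbuseIPDB APIv2 "check" response.
SAMPLE_REPUTATION = json.loads(
    '{"data": {"ipAddress": "203.0.113.45", "abuseConfidenceScore": 87,'
    ' "totalReports": 42, "countryCode": "ZZ"}}')

# Internal ranges have no public reputation; skipping them avoids wasted lookups.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def lookup_candidate(alert):
    """Return the alert's source IP if it should be checked, else None."""
    srcip = alert.get("data", {}).get("srcip")
    if not isinstance(srcip, str):
        return None  # alert has no usable source IP field
    try:
        addr = ipaddress.ip_address(srcip)
    except ValueError:  # malformed address in the log
        return None
    if any(addr in net for net in INTERNAL):
        return None
    return str(addr)


def enrich(alert, reputation, min_score=50):
    """Merge reputation data into an event a custom rule can match on.

    min_score is an assumed threshold, not a Wazuh or AbuseIPDB default.
    """
    data = reputation["data"]
    score = data["abuseConfidenceScore"]
    return {
        "integration": "custom-abuseipdb",  # hypothetical label
        "abuseipdb": {
            "alert_id": alert["id"],
            "srcip": data["ipAddress"],
            "abuse_confidence_score": score,
            "total_reports": data["totalReports"],
            "country_code": data.get("countryCode"),
            "listed": score >= min_score,  # field a blocking rule would key on
        },
    }
```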