Alerts Actions suggestion - AbuseIPDB Search #2541
-
|
Hey guys just a quick suggestion for an additional item under the Actions menu in Alerts/Hunt. I often check addresses against AbuseIPDB to see if it is a known malicious IP. I'm currently just copying and pasting so it's certainly no great imposition but I just thought it would be good to do it directly from SO. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
Hi @greatapoc , Thanks for the suggestion! In the meantime, you can actually copy Like so:
Then restart SOC with |
Beta Was this translation helpful? Give feedback.
-
|
Hi @weslambert That's great! Thanks so much for that I'll have a crack at it now. |
Beta Was this translation helpful? Give feedback.
-
|
That was super easy and it works perfectly. I just changed the name from actionAbuseIPDB to AbuseIPDB. Thanks again. |
Beta Was this translation helpful? Give feedback.
-
|
Awesome, yeah sorry, hadn't had a chance to test before sending, but glad to hear it's working! 👍 |
Beta Was this translation helpful? Give feedback.
-
|
No worries at all you're taking the time out from other more important activities I'm sure. Much appreciated. |
Beta Was this translation helpful? Give feedback.
Hi @greatapoc ,
Thanks for the suggestion! In the meantime, you can actually copy
/opt/so/saltstack/default/salt/soc/files/soc/alerts.actions.jsonto/opt/so/saltstack/local/salt/soc/files/soc/alerts.actions.jsonand modify the entries there to include a lookup for AbuseIPDB.Like so:
{ "name": "actionAbuseIPDB", "description": "actionAbuseIPDBHelp", "icon": "fa-external-link-alt", "target": "_blank","links": [ "https://www.abuseipdb.com/check/{value}"Then restart SOC with
so-soc-restart