Alerts Actions suggestion - AbuseIPDB Search #2541
Hey guys just a quick suggestion for an additional item under the Actions menu in Alerts/Hunt. I often check addresses against AbuseIPDB to see if it is a known malicious IP. I'm currently just copying and pasting so it's certainly no great imposition but I just thought it would be good to do it directly from SO.
Replies: 1 comment 4 replies
Hi @greatapoc,
Thanks for the suggestion! In the meantime, you can actually copy
/opt/so/saltstack/default/salt/soc/files/soc/alerts.actions.json
to
/opt/so/saltstack/local/salt/soc/files/soc/alerts.actions.json
and modify the entries there to include a lookup for AbuseIPDB. Like so:
{ "name": "actionAbuseIPDB", "description": "actionAbuseIPDBHelp", "icon": "fa-external-link-alt", "target": "_blank",
  "links": [
    "https://www.abuseipdb.com/check/{value}"
  ]}
Then restart SOC with
so-soc-restart
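
Added example (not part of the reply above and not Security Onion's own code): a Python sketch of the copy-and-modify step that seeds the local override from the default file, appends the AbuseIPDB entry only once, and fails on malformed JSON before SOC is restarted. It assumes alerts.actions.json is a JSON array of action objects; the function names are hypothetical.

```python
import json
import shutil
from pathlib import Path

# Paths from the reply above.
DEFAULT = Path("/opt/so/saltstack/default/salt/soc/files/soc/alerts.actions.json")
LOCAL = Path("/opt/so/saltstack/local/salt/soc/files/soc/alerts.actions.json")

# Action entry from the reply above.
ABUSEIPDB_ACTION = {
    "name": "actionAbuseIPDB",
    "description": "actionAbuseIPDBHelp",
    "icon": "fa-external-link-alt",
    "target": "_blank",
    "links": ["https://www.abuseipdb.com/check/{value}"],
}


def add_action(actions, entry):
    """Return (actions, changed); never adds a second entry with the same name."""
    # Assumption: the file holds a JSON array of action objects.
    if not isinstance(actions, list):
        raise ValueError("expected a JSON array of action objects")
    if any(isinstance(a, dict) and a.get("name") == entry["name"] for a in actions):
        return actions, False
    return actions + [entry], True


def install(default=DEFAULT, local=LOCAL, entry=ABUSEIPDB_ACTION):
    """Seed the local override from the default if missing, then add the entry."""
    if not local.exists():
        local.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(default, local)  # the default file itself is never edited
    # json.loads raises on malformed JSON, so a broken file is caught here
    # rather than when SOC restarts.
    actions = json.loads(local.read_text())
    updated, changed = add_action(actions, entry)
    if changed:
        # Written in place so the existing file's owner and mode are kept.
        local.write_text(json.dumps(updated, indent=2) + "\n")
    return changed


if __name__ == "__main__":
    print("updated" if install() else "already present")
    # Afterwards restart SOC with so-soc-restart, as in the reply above.
```
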