Generates a threat feed IP list by querying AbuseIPDB. The output can then be consumed by firewalls and filtering tools.
- AbuseIPDB subscription (sign up at https://www.abuseipdb.com/pricing)
- A Windows machine with PowerShell
- A web server where the output files will be copied for your firewal
- Save RefreshAbuseIP.ps1 and empty.txt to a folder with write permissions for the AbuseIP batch user account.
- Grant write permissions to an internal web host direcory for the AbuseIP batch account. This is where your firewall will fetch the updated threat feed(s). If you don't need this functionality, you can simply use a directory where you want the final output files to be saved.
- Edit RefreshAbuseIP.ps1 and set $AbuseIPKey and $AbuseIPConfidence values as appropriate.
- Set the following values as appropriate
- $sourceFile = "C:\Scripts\abuseipdb\abuseipdb.txt" # Output file from the abuseipdb API call
- $desFolderPathSplitFile = "D:\Block_List\abuseip" # Destination location for the blocklist files
- $tempFolderPathSplitFile = "C:\Scripts\abuseipdb" # Working directory for the blocklist files
- Execute RefreshAbuseIP.ps1