diff --git a/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.py b/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.py
index 8a93c48d5f78..1e05558308c7 100644
--- a/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.py
+++ b/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.py
@@ -143,17 +143,30 @@ def analysis_to_entry(info, reliability, threshold=THRESHOLD, verbose=VERBOSE):
     for analysis in info:
         ip_ec = {
             "Address": analysis.get("ipAddress"),
-            "Geo": {"Country": analysis.get("countryName") or analysis.get("countryCode")}
+            "Geo": {
+                "Country": analysis.get("countryName"),
+                "CountryCode": analysis.get("countryCode")
+            }
         }
         abuse_ec = {
             "IP": {
                 "Address": analysis.get("ipAddress"),
-                "Geo": {"Country": analysis.get("countryName") or analysis.get("countryCode")},
+                "Geo": {
+                    "Country": analysis.get("countryName"),
+                    "CountryCode": analysis.get("countryCode")
+                },
                 "AbuseConfidenceScore": analysis.get('abuseConfidenceScore'),
-                "TotalReports": analysis.get("totalReports") or analysis.get("numReports") or "0",
+                "TotalReports": analysis.get("totalReports") or analysis.get("numReports") or 0,
                 "ISP": analysis.get("isp"),
                 "UsageType": analysis.get("usageType"),
-                "Domain": analysis.get("domain")
+                "Domain": analysis.get("domain"),
+                "Hostnames": analysis.get("hostnames"),
+                "IpVersion": analysis.get("ipVersion"),
+                "IsPublic": analysis.get("isPublic"),
+                "IsTor": analysis.get("isTor"),
+                "IsWhitelisted": analysis.get("isWhitelisted"),
+                "LastReportedAt": analysis.get("lastReportedAt"),
+                "NumDistinctUsers": analysis.get("numDistinctUsers")
             }
         }
 
diff --git a/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.yml b/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.yml
index 2d7651f54880..75701e419647 100644
--- a/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.yml
+++ b/Packs/AbuseDB/Integrations/AbuseDB/AbuseDB.yml
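Review bot: Both new `Geo` dicts drop the fallback the removed lines had — `Country` is now taken from `countryName` alone, where the old code used `analysis.get("countryName") or analysis.get("countryCode")` — so a response that carries only `countryCode` (as far as I recall, the v2 `check` endpoint returns `countryName` only for verbose queries; please confirm against the API) leaves `IP.Geo.Country` as `None`, and playbooks keyed on that standard indicator field silently lose the value they had before. Keep the fallback alongside the new key: `"Country": analysis.get("countryName") or analysis.get("countryCode"),` followed by `"CountryCode": analysis.get("countryCode")`, in both `ip_ec` and `abuse_ec`. The `TotalReports` default also changes type from the string `"0"` to the integer `0`; a playbook condition that compares against `"0"` will stop matching, so this is a behaviour change worth a line in the release notes rather than a silent cleanup. `analysis_to_entry` begins before this hunk and continues after it.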
@@ -116,6 +116,9 @@ script:
     - contextPath: IP.Geo.Country
       description: The country in which the IP address is located.
       type: String
+    - contextPath: IP.Geo.CountryCode
+      description: The country code in which the IP address is located.
+      type: String
     - contextPath: IP.Malicious.Vendor
       description: The vendor reporting the IP address as malicious.
       type: String
@@ -134,6 +137,30 @@ script:
     - contextPath: AbuseIPDB.IP.Geo.Country
       description: The country associated with the IP Address.
       type: String
+    - contextPath: AbuseIPDB.IP.Geo.CountryCode
+      description: The country code associated with the IP Address.
+      type: String
+    - contextPath: AbuseIPDB.IP.Hostnames
+      description: The hostame(s) of the IP address.
+      type: String
+    - contextPath: AbuseIPDB.IP.IpVersion
+      description: The version of the IP address.
+      type: String
+    - contextPath: AbuseIPDB.IP.IsPublic
+      description: Is the IP address public.
+      type: String
+    - contextPath: AbuseIPDB.IP.IsTor
+      description: Is the IP address a Tor IP.
+      type: String¨
+    - contextPath: AbuseIPDB.IP.IsWhitelisted
+      description: Is the IP address whitelisted.
+      type: String
+    - contextPath: AbuseIPDB.IP.LastReportedAt
+      description: When the IP address was last reported.
+      type: String
+    - contextPath: AbuseIPDB.IP.NumDistinctUsers
+      description: The distinct number of users.
+      type: String
     - contextPath: AbuseIPDB.IP.Reports
       description: The reports summary (for "verbose" reports).
       type: String
@@ -192,6 +219,9 @@ script:
     - contextPath: IP.Geo.Country
       description: The country in which the IP address is located.
       type: String
+    - contextPath: IP.Geo.CountryCode
+      description: The country code in which the IP address is located.
+      type: String
     - contextPath: IP.Malicious.Vendor
       description: The vendor reporting the IP address as malicious.
       type: String
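Review bot: Every new output in the `@@ -134,6 +137,30 @@` hunk is declared `type: String`, but the Python side stores the raw API values — `IsPublic`, `IsTor` and `IsWhitelisted` are JSON booleans, `IpVersion` and `NumDistinctUsers` are numbers and `LastReportedAt` is a timestamp — so the declarations should be `type: Boolean`, `type: Number` and `type: Date` (the XSOAR context type names, if I have them right), otherwise a playbook filter on `AbuseIPDB.IP.IsTor` treats `false` as a non-empty string and a Tor/whitelist decision goes the wrong way. The `AbuseIPDB.IP.IsTor` entry also reads `type: String¨` with a stray trailing character; it may be an artifact of this rendering, but if it is really in the file it will fail yml validation and the line should simply be `type: Boolean`. `hostame(s)` in the `Hostnames` description is a typo for `hostname(s)`, and `The distinct number of users.` is clearer as `The number of distinct users that reported the IP address.`, which is what the AbuseIPDB field counts as far as I know.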
@@ -211,8 +241,32 @@ script:
       description: The number of times this address has been reported.
       type: Unknown
     - contextPath: AbuseIPDB.IP.Geo.Country
-      description: The country associated with this IP Address.
-      type: Unknown
+      description: The country associated with the IP Address.
+      type: String
+    - contextPath: AbuseIPDB.IP.Geo.CountryCode
+      description: The country code associated with the IP Address.
+      type: String
+    - contextPath: AbuseIPDB.IP.Hostnames
+      description: The hostame(s) of the IP address.
+      type: String
+    - contextPath: AbuseIPDB.IP.IpVersion
+      description: The version of the IP address.
+      type: String
+    - contextPath: AbuseIPDB.IP.IsPublic
+      description: Is the IP address public.
+      type: String
+    - contextPath: AbuseIPDB.IP.IsTor
+      description: Is the IP address a Tor IP.
+      type: String¨
+    - contextPath: AbuseIPDB.IP.IsWhitelisted
+      description: Is the IP address whitelisted.
+      type: String
+    - contextPath: AbuseIPDB.IP.LastReportedAt
+      description: When the IP address was last reported.
+      type: String
+    - contextPath: AbuseIPDB.IP.NumDistinctUsers
+      description: The distinct number of users.
+      type: String
     - contextPath: AbuseIPDB.IP.Reports
       description: Reports summary (for "verbose" reports).
       type: Unknown
@@ -285,7 +339,7 @@ script:
   script: ''
   subtype: python3
   type: python
-  dockerimage: demisto/python3:3.10.13.80014
+  dockerimage: demisto/python3:3.10.13.83255
 fromversion: 5.0.0
 tests:
 - AbuseIPDB Test
diff --git a/Packs/AbuseDB/Integrations/AbuseDB/README.md b/Packs/AbuseDB/Integrations/AbuseDB/README.md
index c2a918082f15..ed781314b524 100644
--- a/Packs/AbuseDB/Integrations/AbuseDB/README.md
+++ b/Packs/AbuseDB/Integrations/AbuseDB/README.md
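Review bot: The `abuseipdb-check-cidr-block` output list in the `@@ -211,8 +241,32 @@` hunk declares `IsPublic`, `IsTor` and `IsWhitelisted` as `type: String` although the integration writes the API's booleans into context unchanged, and `IpVersion`, `NumDistinctUsers` and `LastReportedAt` are likewise numbers and a timestamp, so these should read `type: Boolean`, `type: Number` and `type: Date` respectively to keep playbook conditions on them honest. This block is a verbatim copy of the `ip` command's outputs, including the `type: String¨` line under `AbuseIPDB.IP.IsTor` and the `hostame(s)` typo; if the stray `¨` is in the file and not just in this rendering it will fail yml validation, so both copies need the same correction. A one-line comment such as `# outputs mirror the ip command; keep both lists in sync` above the list would help the next person who touches one and not the other.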
@@ -99,10 +99,50 @@ AbuseIPDB.IP.Geo.Country -unknown +String Country associated with this IP Address +AbuseIPDB.IP.Geo.CountryCode +String +Country code associated with this IP Address + + +AbuseIPDB.IP.Hostnames +String +The hostame(s) of the IP address. + + +AbuseIPDB.IP.IpVersion +String +The version of the IP address. + + +AbuseIPDB.IP.IsPublic +String +Is the IP address public. + + +AbuseIPDB.IP.IsTor +String +Is the IP address a Tor IP. + + +AbuseIPDB.IP.IsWhitelisted +String +Is the IP address whitelisted. + + +AbuseIPDB.IP.LastReportedAt +String +When the IP address was last reported. + + +AbuseIPDB.IP.NumDistinctUsers +String +The distinct number of users. + + AbuseIPDB.IP.Address.Reports unknown Reports summary (for "verbose" reports) @@ -214,11 +254,51 @@ Confidence score fetched from AbuseIPDB -AbuseIPDB.IP.Geo.Country -unknown +AbuseIPDB.IP.Geo.Country +String Country associated with this IP Address +AbuseIPDB.IP.Geo.CountryCode +String +Country code associated with this IP Address + + +AbuseIPDB.IP.Hostnames +String +The hostame(s) of the IP address. + + +AbuseIPDB.IP.IpVersion +String +The version of the IP address. + + +AbuseIPDB.IP.IsPublic +String +Is the IP address public. + + +AbuseIPDB.IP.IsTor +String +Is the IP address a Tor IP. + + +AbuseIPDB.IP.IsWhitelisted +String +Is the IP address whitelisted. + + +AbuseIPDB.IP.LastReportedAt +String +When the IP address was last reported. + + +AbuseIPDB.IP.NumDistinctUsers +String +The distinct number of users. + + AbuseIPDB.IP.TotalReports unknown The number of times this address has been reported diff --git a/Packs/AbuseDB/ReleaseNotes/1_0_30.md b/Packs/AbuseDB/ReleaseNotes/1_0_30.md new file mode 100644 index 000000000000..cb522bbf563d --- /dev/null +++ b/Packs/AbuseDB/ReleaseNotes/1_0_30.md 
@@ -0,0 +1,13 @@
+#### Integrations
+##### AbuseIPDB
+- Added more outputs to the ***ip*** and ***abuseipdb-check-cidr-block*** commands. The following outputs were added:
+  - *IP.Geo.CountryCode*
+  - *AbuseIPDB.IP.Geo.CountryCode*
+  - *AbuseIPDB.IP.Hostnames*
+  - *AbuseIPDB.IP.IpVersion*
+  - *AbuseIPDB.IP.IsPublic*
+  - *AbuseIPDB.IP.IsTor*
+  - *AbuseIPDB.IP.IsWhitelisted*
+  - *AbuseIPDB.IP.LastReportedAt*
+  - *AbuseIPDB.IP.NumDistinctUsers*
+- Updated the Docker image to: *demisto/python3:3.10.13.83255*.
\ No newline at end of file
diff --git a/Packs/AbuseDB/pack_metadata.json b/Packs/AbuseDB/pack_metadata.json
index b28043626d47..d8d91c3144a9 100644
--- a/Packs/AbuseDB/pack_metadata.json
+++ b/Packs/AbuseDB/pack_metadata.json
@@ -2,7 +2,7 @@
     "name": "AbuseIPDB",
     "description": "Central repository to report and identify IP addresses that have been associated with malicious activity online. Check the Detailed Information section for more information on how to configure the integration.",
     "support": "xsoar",
-    "currentVersion": "1.0.29",
+    "currentVersion": "1.0.30",
     "author": "Cortex XSOAR",
     "url": "https://www.paloaltonetworks.com/cortex",
     "email": "",