# AbuseIPDB

## Overview

The AbuseIPDB integration brings IP reputation data directly into Sola AI, enabling security teams to enrich investigations with real-world abuse reports, confidence scores, and blacklist data.

With the AbuseIPDB integration, you can:

* Check IP addresses for abuse confidence scores, country, ISP, and report history during active investigations.
* Report malicious IP addresses with relevant abuse categories directly from Sola.
* Query the AbuseIPDB blacklist to surface high-confidence malicious IPs based on your specific criteria.

{% hint style="warning" %}
**Sola can only perform the actions you approve.**

Connectors require explicit permission to access or act on external systems. Permissions are securely managed at the workspace, app, and chat level to ensure control at every step.
{% endhint %}

## Set up AbuseIPDB connector integration with Sola

{% columns %}
{% column width="66.66666666666666%" %}
Go to ***Integrations*** > [***Connectors***](https://app.sola.security/integrations/connectors) > click ***New connector*** > select ***AbuseIPDB***.

*The Sola wizard will take you through the steps.*
{% endcolumn %}

{% column width="33.33333333333334%" %} <a href="https://app.sola.security/integrations/connectors?connector=abuseipdb" class="button primary">Set up AbuseIPDB -></a>

{% endcolumn %}
{% endcolumns %}

### Connect AbuseIPDB to Sola

To connect AbuseIPDB, you'll need an [AbuseIPDB account](https://www.abuseipdb.com/) and an API key.

{% tabs %}
{% tab title="API Token" %}
This method uses an AbuseIPDB API key to grant Sola access to your AbuseIPDB account.
{% endtab %}
{% endtabs %}

<details>

<summary>How do I set up an AbuseIPDB connector using an API key?</summary>

To connect, you'll need an [AbuseIPDB account](https://www.abuseipdb.com/).

1. Create your API key
   * In your AbuseIPDB account, go to ***My API*** and select **Keys**.
   * Enter a name for your key (e.g. "Sola Integration") and click **Create**.
   * Copy the generated API key.
2. Paste the API key in the Sola wizard.
3. Click *Test Connection* to validate the details and continue.

</details>

## Available actions with the AbuseIPDB connector

* **Check IP address** - Query the abuse confidence score, country, ISP, and report history for a given IP address.
* **Report IP address** - Submit an abuse report for a suspicious IP address with one or more abuse categories.
* **Get blacklist** - Query the AbuseIPDB blacklist for IP addresses reported for abuse, filtered by confidence score or report count.

## Example prompts

During investigations, you can use the AbuseIPDB connector to:

{% code overflow="wrap" %}

```
Check the reputation of <IP address> using AbuseIPDB
```

{% endcode %}

{% code overflow="wrap" %}

```
Is <IP address> malicious? Check it on AbuseIPDB
```

{% endcode %}

{% code overflow="wrap" %}

```
Get the AbuseIPDB blacklist of the top 10 most reported IPs with a confidence score above 95%
```

{% endcode %}

{% code overflow="wrap" %}

```
Report <IP address> to AbuseIPDB for SSH brute force attempts
```

{% endcode %}

{% code overflow="wrap" %}

```
Check <IP address> on AbuseIPDB and tell me if it's safe to allow traffic from it
```

{% endcode %}

