Enrich threat observables with AbuseIPDB

Latest Dynatrace Preview

The Dynatrace integration with AbuseIPDB enhances alerts and detection investigations by providing valuable context for threat intelligence. This helps organizations combat online abuse, including cyber-attacks, spamming, and other malicious activities.

By enriching observability with reputation data from AbuseIPDB, you can conduct more efficient security investigations, automate alert triaging, and reduce noise through threat-aware prioritization. This streamlines incident response and enhances overall security posture.

How it works

Figure: AbuseIPDB enrichment mechanism

Dynatrace integration with AbuseIPDB is an app that you can install from Dynatrace Hub.

The app delivers a workflow action for observable enrichment in Workflows.

Various consumer apps can perform an on-demand enrichment of observables, for example, via a workflow action.

Dynatrace reaches out to AbuseIPDB to perform the observable enrichment.

The threat intelligence context is displayed within the consumer apps or in Workflows, helping you drive smarter decisions.

Prerequisites

Register with AbuseIPDB, then go to User account > API and create an API v2 key.

Get started

  1. In Dynatrace, open Dynatrace Hub.

  2. Look for AbuseIPDB and select Install.

  3. Select Set up, then select Configure new connection.

  4. Follow the on-screen instructions to set up the connection using the API key obtained in Prerequisites.

  5. Test the connection to ensure the configuration is correct, then save it.

Use cases

Once you set up the AbuseIPDB integration, you can leverage threat intelligence to enrich observables like IP addresses.

Key use cases include:

  • Observable enrichment in Workflows:

    1. In Workflows, create a new workflow or edit an existing one.
    2. In the Choose action pane, search for AbuseIPDB and select the AbuseIPDB check IP action.
    3. Enter the parameters required for the action to run.
    4. Run the workflow to validate the action and review the results.
    5. Continue with your automation definition.

    Figure: workflow sample

  • Threat-informed security investigations (coming soon)

  • Automated threat-alert triaging (coming soon)
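To act on the result of the AbuseIPDB check IP action in a later workflow task, and to keep the one-API-call-per-enrichment cost in mind, here is an added example (not code from the Dynatrace app or from AbuseIPDB) that deduplicates observables before enrichment and maps the abuse confidence score to a triage priority. It assumes each result follows the AbuseIPDB API v2 check response shape; the exact result object the Dynatrace action returns is not shown on this page.

```javascript
// Added example, not code from the Dynatrace app or from AbuseIPDB.
// Assumption: each result uses the AbuseIPDB API v2 /check response shape
// ({ data: { ipAddress, isWhitelisted, abuseConfidenceScore, totalReports } });
// the exact object the Dynatrace action returns is not shown on this page.

// Constructed sample results (documentation IP ranges, not real reports).
const SAMPLE_RESULTS = [
  { data: { ipAddress: "192.0.2.10", isWhitelisted: false, abuseConfidenceScore: 100, totalReports: 57 } },
  { data: { ipAddress: "198.51.100.7", isWhitelisted: false, abuseConfidenceScore: 35, totalReports: 3 } },
  { data: { ipAddress: "203.0.113.5", isWhitelisted: true, abuseConfidenceScore: 0, totalReports: 0 } },
];

// RFC 1918 and loopback ranges: AbuseIPDB only tracks public addresses,
// so checking them would waste the one API call each enrichment costs.
const PRIVATE_IP = /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/;

// Deduplicate observables before enrichment so an IP seen in many alerts
// is checked against AbuseIPDB once, not once per alert.
function uniquePublicIps(ips) {
  const seen = new Set();
  const out = [];
  for (const ip of ips) {
    if (PRIVATE_IP.test(ip) || seen.has(ip)) continue;
    seen.add(ip);
    out.push(ip);
  }
  return out;
}

// Threat-aware priority from the abuse confidence score (0-100). The
// thresholds are an assumption for this example; tune them to your needs.
function priorityFor(result) {
  const d = result.data;
  if (d.isWhitelisted) return "info";
  if (d.abuseConfidenceScore >= 75) return "high";
  if (d.abuseConfidenceScore >= 25) return "medium";
  return "low";
}

// Per-IP triage summary that a later workflow task can branch on.
function triage(results) {
  const summary = {};
  for (const r of results) {
    summary[r.data.ipAddress] = {
      priority: priorityFor(r),
      score: r.data.abuseConfidenceScore,
      reports: r.data.totalReports,
    };
  }
  return summary;
}
```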

FAQ

Which observable types are currently supported?

Supported observables: IP addresses (more coming soon).

How will my AbuseIPDB API quota be affected by this integration?

For every new observable enrichment we perform a single API call.