Get IP Addresses Reputation
LAST UPDATED: AUG 08, 2024
Inputs a list of IP addresses and returns their risk levels
Implementation | System |
Command Category | Cyber Utility |
Tags | ARTIFACT REPUTATION CONDITION IP |
Inputs
Parameter Name | Required/Optional | Description | Sample Data |
|---|---|---|---|
IP Addresses | Required | IP Addresses array |
CODE
|
Output
Remote Command API
The D3 command API allows you to send requests to D3 SOAR to execute this utility command via REST API.
Request
POST
https:/{base_url}/{api_namespace}/api/Command/GetIpReputationHeaders
Please refer to the page Webhook Configuration Guide - Authentication Method: API Keys for more details.
Request Body
{
"Username": <Username here>,
"Site": <Site here>,
"CommandParams": {
"IP Addresses": <IP Addresses array>
}
}Body Parameters
Parameter Name | Type | Required/Optional | Description |
|---|---|---|---|
Username |
| Required | The username of your D3 SOAR account. |
Site |
| Required | The D3 SOAR site to run the remote command. |
IP Addresses |
| Required | IP Addresses array |
Sample Request
SAMPLE DATA
{
"Username": "Admin",
"Site": "Security Operations",
"CommandParams": {
"IP Addresses": [
"13.64.156.26",
"13.64.156.27",
"13.64.156.28",
"13.64.156.22",
"13.64.156.29"
]
}
}Response
Response Fields
Field Name | Type | Description |
|---|---|---|
error |
| The error message if the API request has failed. |
returnData |
| The return data from the API request. |
contextData |
| The context data from the API request. |
Sample Response
{
"error": "",
"returnData": "Succeed",
"contextData": [
{
"IPAddress": "13.64.156.27",
"RiskLevel": "Low"
},
{
"IPAddress": "13.64.156.28",
"RiskLevel": "High"
},
{
"IPAddress": "13.64.156.22",
"RiskLevel": "Medium"
},
{
"IPAddress": "13.64.156.29",
"RiskLevel": "Zero"
},
{
"IPAddress": "13.64.156.26",
"RiskLevel": "N/A"
}
]
}