
ipinfo (Deprecated)

Deprecated

Use IPinfo v2 instead.

Use the ipinfo.io API to get data about an IP address

IPinfo v2 is now available

It's recommended to use IPinfo v2, rather than IPinfo:

  • IPinfo v2 allows setting source reliability.
  • IPinfo v2 enriches data with IP-hostname relationships.
  • On IPinfo v2, the ip-field command has been removed: all outputs are available by running ip.

Configure IPinfo on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for ipinfo.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
|---|---|---|
| proxy | Use system proxy settings | False |
| token | API Token (optional) | False |
| insecure | Trust any certificate (not secure) | False |
| use_https | Use HTTPS connections | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ip

Check IP reputation (when information is available, returns a JSON with details). Uses all configured Threat Intelligence feeds.

Base Command

ip

Input

| Argument Name | Description | Required |
|---|---|---|
| ip | IP address to query. E.g. !ip 1.1.1.1 | Required |

Context Output

| Path | Type | Description |
|---|---|---|
| IP.Address | String | The IP address |
| IP.Hostname | String | The IP hostname |
| IP.ASN | String | The IP ASN |
| IP.Geo.Location | String | The IP geographic location in coordinates |
| IP.Geo.Country | String | The IP country |
| IP.Geo.Description | String | The IP location as <City, Region, Postal Code, Country> |
| IP.ASOwner | string | The IP AS owner |
| IP.FeedRelatedIndicators.value | string | Indicators that are associated with the IP |
| IP.FeedRelatedIndicators.type | string | The type of the indicators that are associated with the IP |
| IP.Tags | string | Tags that are associated with the IP |
| IP.Registrar.Abuse.Address | string | The IP registrar abuse address |
| IP.Registrar.Abuse.Country | string | The IP registrar abuse country |
| IP.Registrar.Abuse.Name | string | The IP registrar abuse name |
| IP.Registrar.Abuse.Network | string | The IP registrar abuse network |
| IP.Registrar.Abuse.Phone | string | The IP registrar abuse phone |
| IP.Registrar.Abuse.Email | string | The IP registrar abuse email |
| IP.Organization.Name | string | The IP organization name |
| IP.Organization.Type | string | The IP organization type |
| DBotScore.Indicator | string | The indicator that was tested. |
| DBotScore.Type | string | The indicator type. |
| DBotScore.Vendor | string | The vendor used to calculate the score. |
| DBotScore.Score | Number | The actual score. |

Command Example

!ip ip=1.1.1.1

Human Readable Output

| Key | Value |
|---|---|
| city | Miami |
| country | US |
| hostname | one.one.one.one |
| ip | 1.1.1.1 |
| loc | 25.7867,-80.1800 |
| org | AS13335 Cloudflare, Inc. |
| postal | 33132 |
| readme | https://ipinfo.io/missingauth |
| region | Florida |
| timezone | America/New_York |
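
The raw keys in the human-readable output above do not match the context paths one-to-one (for example, `org` carries both the ASN and the AS owner). The following is an added example, not the integration's own code: the helper name `to_ip_context` and the field mapping are assumptions inferred from the two tables on this page.

```python
"""Added example: map a raw ipinfo.io-style response onto the IP.* context paths.
The field mapping is an assumption drawn from the tables on this page."""
from ipaddress import ip_address

# Sample response copied from the Human Readable Output table above.
SAMPLE = {
    "city": "Miami", "country": "US", "hostname": "one.one.one.one",
    "ip": "1.1.1.1", "loc": "25.7867,-80.1800",
    "org": "AS13335 Cloudflare, Inc.", "postal": "33132",
    "readme": "https://ipinfo.io/missingauth",
    "region": "Florida", "timezone": "America/New_York",
}


def to_ip_context(raw: dict) -> dict:
    """Build the IP context entry (hypothetical helper, not the integration's code)."""
    # Validate before the value is written to context; raises ValueError if malformed.
    address = str(ip_address(raw["ip"]))
    ctx = {"Address": address}

    if raw.get("hostname"):
        ctx["Hostname"] = raw["hostname"]

    # "org" is "<ASN> <owner>"; only split when the first token looks like an ASN.
    org = raw.get("org", "")
    asn, _, owner = org.partition(" ")
    if asn.upper().startswith("AS") and asn[2:].isdigit():
        ctx["ASN"] = asn.upper()
        if owner:
            ctx["ASOwner"] = owner
    elif org:
        ctx["ASOwner"] = org

    geo = {}
    if raw.get("loc"):
        geo["Location"] = raw["loc"]
    if raw.get("country"):
        geo["Country"] = raw["country"]
    # Description follows the documented order: City, Region, Postal Code, Country.
    parts = [raw.get(k) for k in ("city", "region", "postal", "country")]
    desc = ", ".join(p for p in parts if p)
    if desc:
        geo["Description"] = desc
    if geo:
        ctx["Geo"] = geo
    return {"IP": ctx}
```

Responses that carry only an address produce an entry with `Address` alone, so downstream playbook tasks should check that optional keys such as `IP.ASN` exist before using them.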

ipinfo_field

Retrieve value for a specific field from the IP address information.

Base Command

ipinfo_field

Input

| Argument Name | Description | Required |
|---|---|---|
| ip | IP address to query. E.g. !ip 1.1.1.1 | Required |
| field | Name of the field to retrieve. Can be org, city, geo, etc. | Required |

Context Output

There is no context output for this command.

Command Example

!ipinfo_field ip=1.1.1.1 field=city

Human Readable Output

Miami