ipinfo

Use the ipinfo.io API to get data about an IP address.

Configure ipinfo on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for ipinfo.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| proxy | Use system proxy settings | False |
| token | API Token (optional) | False |
| insecure | Trust any certificate (not secure) | False |
| use_https | Use HTTPS connections | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

ip

Checks IP reputation (when information is available, returns JSON with details). Uses all configured Threat Intelligence feeds.

Base Command

ip

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip | IP address to query. E.g. !ip 1.1.1.1 | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| IP.Address | String | The IP address |
| IP.Hostname | String | The IP hostname |
| IP.ASN | String | The IP ASN |
| IP.Geo.Location | String | The IP geographic location in coordinates |
| IP.Geo.Country | String | The IP country |
| IP.Geo.Description | String | The IP location as <City, Region, Postal Code, Country> |

Command Example

!ip ip=1.1.1.1

Human Readable Output

| Key | Value |
| --- | --- |
| city | Miami |
| country | US |
| hostname | one.one.one.one |
| ip | 1.1.1.1 |
| loc | 25.7867,-80.1800 |
| org | AS13335 Cloudflare, Inc. |
| postal | 33132 |
| readme | https://ipinfo.io/missingauth |
| region | Florida |
| timezone | America/New_York |
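
The following Python sketch is an added example, not the integration's own code: it shows one way the ipinfo.io fields in the Human Readable Output above could map onto the IP.* context paths, validating the address and coordinates before they reach the context. The function name, the sample dictionary (constructed from the values shown above) and the choice to keep only the leading AS number in IP.ASN are assumptions.

```python
import ipaddress
import re

# Constructed sample: the field values shown in the Human Readable Output above.
SAMPLE_RESPONSE = {
    "ip": "1.1.1.1",
    "hostname": "one.one.one.one",
    "city": "Miami",
    "region": "Florida",
    "country": "US",
    "loc": "25.7867,-80.1800",
    "org": "AS13335 Cloudflare, Inc.",
    "postal": "33132",
    "timezone": "America/New_York",
}


def to_ip_context(resp):
    """Map an ipinfo.io-style response dict onto the IP.* context paths."""
    # Reject anything that is not a syntactically valid IP address before
    # it is written to the incident context (raises ValueError).
    address = str(ipaddress.ip_address(resp["ip"]))

    # Assumption: IP.ASN keeps only the leading "AS<number>" token of "org".
    asn = re.match(r"AS\d+", resp.get("org", ""))

    # IP.Geo.Description is "City, Region, Postal Code, Country";
    # parts the API did not return are skipped.
    parts = [resp.get(k) for k in ("city", "region", "postal", "country")]
    description = ", ".join(p for p in parts if p)

    # Accept "lat,lon" only if both values parse and are in range.
    location = None
    try:
        lat, lon = (float(x) for x in resp.get("loc", "").split(","))
        if -90 <= lat <= 90 and -180 <= lon <= 180:
            location = resp["loc"]
    except ValueError:
        pass  # missing or malformed coordinates stay None

    return {"IP": {
        "Address": address,
        "Hostname": resp.get("hostname"),
        "ASN": asn.group(0) if asn else None,
        "Geo": {"Location": location, "Country": resp.get("country"),
                "Description": description or None},
    }}
```

A response with missing or malformed fields yields None for the affected paths instead of passing unchecked strings into the context.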

ipinfo_field

Retrieves the value of a specific field from the IP address information.

Base Command

ipinfo_field

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| ip | IP address to query. E.g. !ip 1.1.1.1 | Required |
| field | Name of the field to retrieve. Can be org, city, geo, etc. | Required |

Context Output

There is no context output for this command.

Command Example

!ipinfo_field ip=1.1.1.1 field=city

Human Readable Output

Miami