IP Reputation Status - Multi Vendor
IP Reputation analyzes an IP address using threat intelligence analysis from multiple vendors to give a verdict on the address and set its risk score.
1. Trigger - retrieves the IP Address from the parent playbook to continue the investigation.
2. If Then - checks if there is an IP Address. If there is, the playbook continues.
3. API - submits the IP Address to the RecordedFuture API and retrieves the risk score.
4. API - submits the IP Address to the VirusTotal API and retrieves the malicious score.
5. API - submits the IP Address to the AbuseIPDB API and retrieves the abuse confidence score.
6. API - submits the IP Address to the IBM X-Force API and retrieves the risk score.
7. Script - runs a Python script to combine all the analysis scores and set the risk as High, Medium, or Low.
8. Format - formats the score and report from the script.
9. API - uses the ServiceNow API to create a ticket about the risk status.
10. End - returns the IP Address and risk score back to the parent playbook.
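
One way the combining script in step 7 could work, shown as an added example that is not the playbook's own script. The vendor score scales, the cap of 10 VirusTotal detections, the 70/30 thresholds, the weighting of the worst single score, and the "Unknown" result when every lookup failed are all assumptions.

```python
# Added example: vendor scales and thresholds below are assumptions, not the playbook's values.
from typing import Optional

# Assumed native scale maxima used to normalize each vendor score to 0-100.
SCALE_MAX = {
    "recorded_future": 99.0,   # risk score, assumed 0-99
    "virustotal": 10.0,        # malicious engine count, capped at 10 (assumption)
    "abuseipdb": 100.0,        # abuse confidence score, assumed 0-100
    "xforce": 10.0,            # risk score, assumed 1-10
}
HIGH_THRESHOLD = 70.0    # assumption
MEDIUM_THRESHOLD = 30.0  # assumption


def normalize(vendor: str, raw: Optional[float]) -> Optional[float]:
    """Map a vendor's raw score onto 0-100; None means the lookup failed."""
    if raw is None:
        return None
    top = SCALE_MAX[vendor]
    return max(0.0, min(float(raw), top)) / top * 100.0


def combine_scores(raw_scores: dict) -> dict:
    """Combine per-vendor scores into one risk level and a short report."""
    normalized = {v: normalize(v, raw_scores.get(v)) for v in SCALE_MAX}
    available = {v: s for v, s in normalized.items() if s is not None}
    if not available:
        # No vendor answered: do not report Low on missing data.
        return {"risk": "Unknown", "score": None, "sources": 0, "detail": normalized}
    mean = sum(available.values()) / len(available)
    peak = max(available.values())
    # One strongly negative vendor should not be averaged away by clean results:
    # take the higher of the mean and 80% of the worst single score.
    score = round(max(mean, 0.8 * peak), 1)
    if score >= HIGH_THRESHOLD:
        risk = "High"
    elif score >= MEDIUM_THRESHOLD:
        risk = "Medium"
    else:
        risk = "Low"
    return {"risk": risk, "score": score, "sources": len(available), "detail": normalized}


# Constructed sample input (not real lookups for any address).
SAMPLE = {"recorded_future": 65, "virustotal": 4, "abuseipdb": 90, "xforce": None}
if __name__ == "__main__":
    print(combine_scores(SAMPLE))
```

The `sources` count belongs in the ticket created in step 9, so an analyst can see when a verdict rests on fewer than four vendors.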