Features

AbuseIO’s main features:

  • Receive abuse messages through a mail server handler (e.g. Postfix) and automatically parse them into abuse reports
  • Combine reports that already have an open case to reduce the amount of noise
  • Classify each type of abuse and create actions on specific cases
  • Create locally defined customers and/or netblocks or easily integrate your own IPAM system to resolve IP addresses to customers
  • Set automatic (re)notifications per case or customer
  • Set automatic escalation paths, triggers and actions
  • Allow customers to reply, close or add notes to cases, keeping them organized
  • Link customers to a self-help portal in case they need more help
  • Works with IPv4 and IPv6 addresses
  • Hook events to external scripts, i.e. tooling that places hosts in quarantine

Available parsers / collectors:

Parsers being developed:

  • Bambenek
  • Arbor
  • Autoshun
  • Brute Force Blocker project
  • DragonBot
  • Malc0de
  • abuse.ch
  • Open blacklist
  • Phishtank
  • CI Army (http://www.ciarmy.com/#list)