Using AbuseIPDB in Microsoft Sentinel for IP Reputation and Threat Enrichment.

Enhance Microsoft Sentinel with AbuseIPDB to enrich incidents, assess IP reputation, and automate threat response using playbooks.

UpdatedJune 17, 2025

•1 min read

Using AbuseIPDB in Microsoft Sentinel for IP Reputation and Threat Enrichment.

Ciaran Doherty, AfCIIS, MBCS

Part of seriesMicrosoft

This article is coming soon.

#abuseipdb #microsoft-sentinel #sentinel #siem #playbooks #azure

28 views

Comments

Join the discussion

No comments yet. Be the first to comment.

Microsoft

Part 8 of 9

Up next

Preventing Risky OAuth Consent: How to Stop Users Granting Access to Unverified Apps in Microsoft Entra ID.

This post outlines how to prevent users in your organisation from accepting dangerous OAuth prompts like the one shown below — where a third-party app

More from this blog

Immich Deployment on Windows Server Using Docker, WSL, and SMB-Based Persistent Storage

Designing a Resilient Linux Application Stack on Windows Infrastructure.

Feb 22, 202615 min read8

Immich Deployment on Windows Server Using Docker, WSL, and SMB-Based Persistent Storage

ClickFix Forensics: Proving Execution Beyond the Browser

A deep dive on ClickFix, mapping fake CAPTCHA lures to endpoint code execution, covering investigation, response, and preventative controls.

Dec 21, 20257 min read15

ClickFix Forensics: Proving Execution Beyond the Browser

LAPS: The Local Administrator Password Solution For Windows Devices In Entra ID.

Overview. Prerequisites. Join types. LAPS is only supported on: Microsoft Entra joined devices. Microsoft Entra hybrid joined devices. Microsoft Entra registered devices are not supported. License requirements. LAPS is available to all customers ...

Nov 30, 20252 min read7