
Dec 10, 2025
1.0.0
ThreatQ Versions >= 5.6.0
Criminal IP Action
Overview
The Criminal IP Action enables analysts to enrich IP Address indicators with contextual intelligence sourced from the Criminal IP platform, which provides data such as open ports, vulnerabilities, and WHOIS information to help identify malicious activity.
The integration provides the following action:
- Criminal IP - Get Malicious Info - queries the Criminal IP API to enrich an IP Address with intelligence indicating whether the indicator is malicious, along with additional contextual data used to support the assessment of the IOC.
The integration accepts IP Address type indicators as input and returns enriched IP Address type indicators.
Note: This action is intended for use with ThreatQ TDR Orchestrator (TQO). An active TQO license is required for this feature.