When using the AbuseIPDB integration in EvidenceHub, you may encounter error codes. This guide explains common error codes, their meanings, and how to resolve them.

Error Code Overview

Status Code	Description	Solution
401	Authentication Failed	Verify API key
422	Invalid IP Address	Check IP format

Detailed Explanations

401 Unauthorized

Message: Authentication failed. Your API key is either missing, incorrect, or revoked. Note: The APIv2 key differs from the APIv1 key.

Resolution:

• Ensure you're using the correct API key for AbuseIPDB v2.
• Check that the API key is correctly entered in your EvidenceHub configuration.
• Verify that your AbuseIPDB account and API key are active and not revoked.
• If you recently upgraded from AbuseIPDB v1 to v2, make sure you're using the new API key.

Steps to Take:

1. Log in to your AbuseIPDB account and navigate to the API section.
2. Copy your APIv2 key.
3. In EvidenceHub, go to the AbuseIPDB integration settings.
4. Paste the correct API key and save your configuration.
5. Try your query again.

422 Unprocessable Entity

Message: The IP address must be a valid IPv4 or IPv6 address (e.g. 8.8.8.8 or 2001:4860:4860::8888).

Resolution:

• Ensure the IP address you're querying is in the correct format.
• Check for any typos or formatting errors in the IP address.
• Verify that you're not trying to submit a hostname or domain name instead of an IP address.

Valid IP Address Formats:

• IPv4: Four groups of numbers separated by dots (e.g., 192.168.1.1)
• IPv6: Eight groups of four hexadecimal digits separated by colons (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334)

Steps to Take:

1. Review the IP address you're trying to query.
2. Ensure it's in the correct IPv4 or IPv6 format.
3. If you're unsure about the format, use an IP address validator tool online.
4. Correct any formatting issues and try your query again.

General Troubleshooting Tips for AbuseIPDB Integration

1. API Key Management:
   • Regularly check and update your API key to ensure continued access.
   • Do not share your API key with others to maintain account security.
2. Rate Limiting:
   • Be aware of AbuseIPDB's rate limits for your account type.
   • Implement proper error handling in your queries to manage rate limit errors.
3. Data Accuracy:
   • Ensure the IP addresses you're querying are current and accurate.
   • Consider the context and source of the IP addresses you're investigating.
4. Integration Updates:
   • Keep your EvidenceHub integration with AbuseIPDB up to date.
   • Check for any announcements from AbuseIPDB about API changes or updates.
5. Error Logging:
   • If you encounter persistent errors, log the full error messages and the queries that caused them.
   • This information can be valuable when seeking support from EvidenceHub or AbuseIPDB.

For additional assistance or if you encounter errors not listed here, please contact EvidenceHub support or consult the AbuseIPDB API documentation.

Additional Resources

• AbuseIPDB API Documentation
• IP Address Format Guide
• EvidenceHub Integration Guide for AbuseIPDB

Remember to always use AbuseIPDB and other threat intelligence services responsibly and in compliance with all applicable laws and regulations.