Workflow overview
Why this workflow matters
Potentially useful as a reusable automation building block.
🧩 Template Description IP Enrichment & Country Attribution is a lightweight cybersecurity automation that enriches IP addresses with geographic and network intelligence. It validates incoming IPs, filters out private or invalid addresses, and enriches public IPs using an open-source IP enrichment service. 🔄 How It Works Receives an IP address via webhook (API or Slack). Validates the IP format and rejects invalid input. Checks for private or internal IP ranges. Ignores private IPs with a clear response. Enriches public IPs using an open-source IP intelligence service. Normalizes country, ISP, and ASN data and applies a severity label. Slack notifications are sent for enriched public IPs. Returns a structured JSON response. ⚙️ Setup Steps Import & Activate Workflow Import the JSON template into AlekSystem Actvate the workflow Set Up Webhook Copy the webhook URL Send a POST request with the IP in the body, e.g.: { "text" : "8.8.8.8" } Using curl: `curl -X POST https://YOUR_AlekSystem_WEBHOOK_URL \ -H "Content-Type: application/json" \ -d '{"text":"8.8.8.8"}'` Configure Slack (Slack Alert) Create or select Slack credentials in AlekSystem Make sure the bot is in your target channel Update the Slack node with correct channel. Slack Slash Command Setup (Optional) Enable Slash Commands and create new command (for example /ip-enrich). Set the Request URL to your AlekSystem webhook endpoint. Choose POST as the request method. Install the app to your workspace. Usage example: /ip-enrich 8.8.8.8 🎛️ Customization Options Enrichment source: Replace or extend the IP intelligence API with additional providers (for example reputation or abuse scoring). Slack formatting: Customize the Slack message text, emojis, or use threads for better alert grouping. Input sources: Reuse the webhook for other integrations such as SIEM alerts or security tools.
Best fit
Categories
Services
Use cases
Need another direction?