
IP Parser

Threat-report triage · browser walkthrough of the internal Windows tool

Canned Demo · No Real API Calls
Stage 01

Intake

Paste raw threat report
Threat report · firewall syslog excerpt

      
Stage 02

Extract

Pull every IP from the blob · regex /\b(?:\d{1,3}\.){3}\d{1,3}\b/g
Source · highlighted as matched

        
Extracted 0 candidates
Total matches: 0
Unique after dedupe: 0
Stage 03

Filter

Apply exclusion rules in sequence

Private / reserved

0 removed
RFC1918 · loopback · link-local

Known bad (internal DB)

0 removed
Already deployed previously

Company allowlist

0 removed
Corporate / branch ranges

Non-IP / malformed

0 removed
Partial octets · timestamps
Entered: 0
Dropped: 0
Master list: 0
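The Stage 02 regex accepts any four groups of one to three digits, so strings such as `4.18.2.999` reach Stage 03 as candidates. The sketch below is an added example, not the tool's own code: it runs extraction, dedupe and the four exclusion rules in the order listed above. The known-bad set, the allowlist range, the sample log lines and the choice to treat leading-zero octets as malformed are all assumptions.

```javascript
const IP_RE = /\b(?:\d{1,3}\.){3}\d{1,3}\b/g; // regex shown in Stage 02

// Strict dotted quad -> unsigned 32-bit number, or null if any octet is invalid.
function toInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    // Assumption: leading zeros ("03") are rejected as ambiguous.
    if (!/^(0|[1-9]\d{0,2})$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}
// CIDR membership using plain arithmetic (avoids signed 32-bit bitwise pitfalls).
function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const a = toInt(ip), b = toInt(base);
  if (a === null || b === null) return false;
  const size = 2 ** (32 - Number(bits));
  return Math.floor(a / size) === Math.floor(b / size);
}
// RFC1918, loopback, link-local
const PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16"];
const KNOWN_BAD = new Set(["203.0.113.12"]); // hypothetical internal DB contents
const ALLOWLIST = ["198.51.100.0/24"];       // hypothetical corporate range

function triage(text) {
  const matches = text.match(IP_RE) || [];
  const unique = [...new Set(matches)];
  const rules = [ // applied in sequence, same order as the Stage 03 cards
    ["private", ip => PRIVATE.some(c => inCidr(ip, c))],
    ["knownBad", ip => KNOWN_BAD.has(ip)],
    ["allowlist", ip => ALLOWLIST.some(c => inCidr(ip, c))],
    ["malformed", ip => toInt(ip) === null],
  ];
  const removed = {};
  let current = unique;
  for (const [name, drop] of rules) {
    removed[name] = current.filter(drop);
    current = current.filter(ip => !drop(ip));
  }
  return { total: matches.length, unique: unique.length, removed, master: current };
}
// Constructed firewall syslog excerpt (documentation address ranges only).
const SAMPLE = [
  "Mar 28 14:05:11 fw01 DENY src=192.0.2.45 dst=10.1.4.20 fw-build=4.18.2.999",
  "Mar 28 14:05:12 fw01 DENY src=203.0.113.12 dst=192.168.1.7",
  "Mar 28 14:05:13 fw01 DENY src=192.0.2.45 dst=198.51.100.202",
  "Mar 28 14:05:14 fw01 DENY src=192.0.2.99 dst=169.254.10.1",
].join("\n");
```

Calling `triage(SAMPLE)` returns the per-rule removal lists alongside the surviving master list, which mirrors the Entered / Dropped / Master list counters.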
Stage 04

Risk Scoring

Wizard · AbuseIPDB · threshold 75%
GET https://api.abuseipdb.com/api/v2/check · per-IP confidence
Entries below the 75% confidence threshold are discarded. The threshold is configurable per run so reviewers can tighten or loosen the bar based on the report source.
Kept · ≥ 75%: 0
Dropped · < 75%: 0
Stage 05

Deploy

Generate firewall-ready artifacts

      
Stage 06

Database

Update internal DB · manual repair UI
Commit log
Reputation repair queue
203.0.113.12 Deployed 2025-11-04
198.51.100.202 Deployed 2026-02-19
192.0.2.45 Deployed 2026-03-28

PDF ingestion

Drop a vendor PDF (Proofpoint, ThreatIntel, etc.) and the parser extracts IPs from tables, paragraphs, and footers automatically.

Planned

Email + ticket creation

Watch an Outlook inbox, auto-parse new reports, and open a ServiceNow/Jira ticket with the deployment artifacts attached.

Planned