(Optional) Run enrichment lookup and verify expected results for Whois

  • Release version: Australia
  • Updated: March 12, 2026
  • Time required: 3 minutes
  • Run the Whois integration to perform enrichment lookups on the domains returned from the Reverse Whois integration.

    Before you begin

    Verify that you have installed and configured the Reverse Whois and Whois plugins. Perform these steps only after you have run the domain lookup with the Reverse Whois plugin successfully.

    Role required: sn_si.analyst

    About this task

    Results are displayed on the Observable Enrichment Results tab on the Observable record.

    Procedure

    1. Navigate to All > Security Incidents > Incidents > Show All Incidents and locate the security incident you are working with that has run the domain lookup successfully.
    2. Open the record and click the Show All Related Lists related link.
    3. Select the Reverse Whois Domains tab at the bottom of the record.
      Domain results from the lookup.
      In the Domains column, the list of returned domains is displayed.
    4. In the Observable column, click an observable.
      On the Child Observables tab, the child observables are displayed. The child observables are generated only if the initial scan of the observable by the Reverse Whois application returned domains.
      Child observables tab with results.
    5. Select the child observables you want to run the observable enrichment on, and, in the Action on selected rows choice list, select Run Observable Enrichment.
      Child observable selected and choice list.
      The Run Observable Enrichment dialog box is displayed.
    6. Move the Whois integration from Available to Selected and click Submit.
      Whois integration selected for observable enrichment.
      Results are displayed on the Observable Enrichment Results tab of the observable record.
    7. Click the blue information icon, then click Open Record in the dialog box that is displayed.
      The observable record.
      Raw data returned from the child observable enrichment.
      More information and raw data related to the original domain lookup are displayed, such as the registration date, name of registrar, and country of origin.
    If you cannot locate child observables or enrichment results, verify that the Reverse Whois integration ran successfully and returned domains. Also, refer to the work notes on the record for more information.