Enrichment results are displayed on the ReverseWhois Domains tab at the bottom of the security incident record. Locate the lookup results to verify that the lookup ran successfully.
Before you begin
Role required: sn_si.analyst
Procedure
If not already open, navigate to Security Incidents > Incidents > Show All Incidents and locate the security incident you are working with.
After the application is configured and you have attached an observable, the flow launches automatically. The work notes on the security incident record display the execution and completion status of the lookup.
If you cannot verify that the lookup ran successfully, review the work notes for more information on how to proceed.
Navigate to the bottom of the security incident and click the Show All Related Lists related link.
Note:
For the filtered lookup results shown in the following figure, the configuration settings in the Reverse Whois API configuration tile were saved with 1991-06-01 entered in the Since date field.
Enrichment results are displayed on the ReverseWhois Domains tab. The active domains for this observable are displayed in the Domain column.
Click the blue information icon next to an item, then click Open record in the dialog box that is displayed.
The record is displayed with enrichment details, including the raw data.
Navigate back to the security incident, and with the ReverseWhois Domains tab selected, click an observable in the Observable column to open a record.
The child observables are displayed on the Child Observables tab on the Observable record. The child observables are generated only if the Reverse Whois application has returned domains.
If the lookup does not successfully complete, verify that the search terms you entered are supported by the integration. Review the work notes for more information.
What to do next
For more enrichment data on the domain lookup results, you can run the Whois integration to perform enrichment lookups on the child observables returned by the Reverse Whois integration. This enrichment data on the child observables includes information on registration date, name of registrar, and country of origin.