Enrich Observable WhoIs workflow

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute read
  • The Enrich Observable WhoIs workflow performs enrichment on selected observables. If the observables are of a type recognized by the WhoisXML API Integration, the observables are enriched.

    Before you begin

    Role required: admin

    About this task

    This workflow is triggered by the Security Operations Integration - Enrich Observable capability when you perform enrichment on one or more observables and the WhoIs implementation is selected.

    Figure 1. Enrich Observable WhoIs workflow

    Activities specific to this integration are described here. For more information on other activities, see Common Security Operations integration flows and orchestration activities.

    Observable Enrichment Lookup activity

    The Observable Enrichment Lookup workflow activity initiates the observable enrichment process.

    The Observable Enrichment Lookup activity can be used with any observables workflow to begin enrichment.

    Results

    Possible results for this activity are:

    Table 1. Results
    Result   Description
    Success  The lookup is successful.
    Fail     An error occurred while attempting to perform the lookup. More error information is available in the activity output error.

    Input variables

    Input variables determine the initial behavior of the activity.

    Variable              Description
    implementation_id     System identifier of the implementation used to perform the lookup.
    domain_id             The domain identifier for the domain within which the lookup is being performed.
    observable_ids        One or more observables to perform the desired action against. The IDs are used as a workflow input.
    capabilityExcutionId  System identifier of the capability that launched the implementation workflow. Only required for Integration Capability implementation workflows such as Splunk or Elasticsearch.
    task_sys_id           System identifier for any task associated with the workflow.

    Output variables

    The output variables contain data that can be used in subsequent activities.

    Table 2. Output variables
    Variable       Description
    response_data  Raw data returned by the implementation's API endpoint for the given domain.
    mapping_id     The identifier for the enrichment mapping. For example, the WhoIs integration returns data in two different formats, IP and URL, with a mapping ID for each.