Initiate the lookup for Reverse Whois

  • Rversion finale: Australia
  • Mis à jour 12 mars 2026
  • 1 minute de lecture

    • Initiate domain lookups using search terms in observables that you manually attach to a security incident record.

    Avant de commencer

    Role required: sn_si.analyst

    Procédure

    1. If not open, navigate to Security Incident > Incidents > Show All Incidents and open the security incident you are working with.
    2. At the bottom of the record, click the Show IoC related link to display the Observables tab.
      Remarque :
      The figures in the following steps are shown with the Tabbed forms setting active in the System Settings. If you do not see tabs on the security incident, in the upper-right corner of the banner frame, click the Settings gear icon. In the System Settings dialog box that is displayed, click Forms and verify that Tabbed forms and With the Form are selected.
      The Observables tab on the Security Incident Form.
    3. On the Observables tab, click New.
    4. Fill in the fields.
      Tableau 1. Required fields on the new record
      Field Description
      Value Unique search term for a domain.
      Observable type This field is automatically cleared.
      Finding This field is automatically set to Unknown.
      Required fields on the new observable record.
    5. Click Submit.
      You are returned to the security incident record and the flow initiates the lookup.

    Que faire ensuite

    Verify the lookup results on the security incident. See Verify expected results for Reverse Whois.