Initiate the lookup for Reverse Whois

  • Release version: Australia
  • Updated: March 12, 2026
  • Time to complete: 2 minutes
  • Initiate domain lookups using search terms in observables that you manually attach to a security incident record.

    Before you begin

    Role required: sn_si.analyst

    Procedure

    1. If not open, navigate to Security Incident > Incidents > Show All Incidents and open the security incident you are working with.
    2. At the bottom of the record, click the Show IoC related link to display the Observables tab.
      Note:
      The figures in the following steps are shown with the Tabbed forms setting active in the System Settings. If you do not see tabs on the security incident, in the upper-right corner of the banner frame, click the Settings gear icon. In the System Settings dialog box that is displayed, click Forms and verify that Tabbed forms and With the Form are selected.
      [Figure: The Observables tab on the Security Incident form.]
    3. On the Observables tab, click New.
    4. Fill in the fields.
      Table 1. Required fields on the new record
      Field            Description
      Value            Unique search term for a domain.
      Observable type  This field is automatically cleared.
      Finding          This field is automatically set to Unknown.
      [Figure: Required fields on the new observable record.]
    5. Click Submit.
      You are returned to the security incident record and the flow initiates the lookup.

    What to do next

    Verify the lookup results on the security incident. See Verify expected results for Reverse Whois.