Before you use the Whois integration, you must download it from the ServiceNow Store, and must have a valid account from Whois.
시작하기 전에
Role required: sn_sec_tisc.admin
The Threat Intelligence Security Center and Whois observable integration plugins are required.
프로시저
-
Using your instance, access Threat Intelligence Security Center.
-
Download the integration from the ServiceNow Store.
-
When the installation is complete, navigate to .
-
Select .
-
Alternatively, you can navigate to .
-
In the WHOIS card, click Configure New Enrichment to configure WHOIS integration.
-
Fill in the fields on the Configure New Enrichment form.
표 1. Enrichment Integration
| Field |
Description |
| Name |
Enter a name for the new enrichment integration. For example, WHOIS. |
| Vendor Name |
Name of the vendor. The details of the selected vendor is populated by default. For example, WHOIS. |
| Integration Type |
Type of integration that you selected. For example, Threat Lookup. |
| Description |
Enter the description for the new enrichment integration. For example, the description for WHOIS integration is, The WHOIS Integration for Threat Intelligence Security Center enables users to
submit Whois lookups on domain names and URLs to obtain context on URL observables, and to make better determination on threats. |
-
Drill down to Integration Configuration section.
-
Enter (or paste) the API Key you acquired from the WHOIS site.
-
Click Save.
The integration details are validated, and by default the WHOIS integration's status is disabled.
-
Click Enable to enable the WHOIS integration.
결과
After it is configured, WHOIS can be selected for performing enrichments on observables in Threat Intelligence Security Center.