Set up WHOIS integration with TISC to perform domain and URL lookups for threat intelligence enrichment. This integration provides context on observables to help determine potential threats.
Before you begin
Role required: sn_sec_tisc.admin
Important: The
Threat Intelligence Security Center and
Whois Observable Enrichment plugins must be installed and active.
Download the Whois integration from the ServiceNow Store and confirm you have a valid Whois account before use. For more information see, Download the integration from the ServiceNow Store.
Procedure
-
Navigate to .
-
In the WHOIS card, select Configure New Enrichment to configure WHOIS integration.
-
Fill in the fields on the Configure New Enrichment form.
Table 1. Enrichment Integration
| Field |
Description |
| Name |
Enter a name for the new enrichment integration. For example, Whois. |
| Vendor Name |
Name of the vendor. The details of the selected vendor populate by default. For example, Whois. |
| Integration Type |
Type of integration that you selected. For example, Threat Lookup. |
| Description |
Enter the description for the new enrichment integration. For example, the description for Whois integration is, The Whois Integration for Threat Intelligence Security Center enables users to submit Whois lookups on domain names and URLs to obtain context on URL observables, and to make better determination on threats. |
-
Drill down to Integration Configuration section.
-
Enter (or paste) the API Key you acquired from the Whois site.
-
Select Save to apply the changes.
The integration details are validated, and by default the Whois integration's status is inactive.
-
Select Enable to enable the Whois integration.
Result
After it is configured, Whois can be selected for performing enrichment on observables in Threat Intelligence Security Center.