Configure Observable Enrichment

  • Release version: Australia
  • Updated April 27, 2026
  • 2 minutes to read

    • Enrich one or more observables to identify whether they're associated with known threats. The results are based on the enrichment integrations active in your environment.

    Before you begin

    Role required: sn_sec_tisc.admin

    The Threat Intelligence Security Center supports Observable Enrichment only for the WHOIS Integration currently. For more information, see Configure and enable Whois integration.
    Note:
    Enrichment Integrations module is only shown if at least one of the integration supporting any of the capability is installed in the application.

    About this task

    The Observable Enrichment section contains only the integrations with the integration type as observable enrichment. This section displays cards for each of the configured integration implementations that you can activate and use.

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center.
    2. Select the Integrations icon, and select the Observable Enrichment section.
      Observable Enrichment integrations
    3. Select Configure new enrichment.
    4. Select an integration from the list of available integrations.
      This takes you to the Create Enrichment Integration page of the selected integration. This page is pre-filled with details of the selected integration by default. For example, WHOIS integration.

      Select and integration from the list of available integrations

    5. On the Create Integration form, fill the fields.
      FieldDescription
      Enrichment Integration  
      Name Enter a name for the new enrichment integration. For example, WHOIS1.
      Vendor Name Name of the vendor. The details of the selected vendor is pre-filled by default. For example, WHOIS.
      Integration Type Type of integration that you selected, which is Observable Enrichment. The details of the selected integration type is pre-filled by default.
      Description Enter a unique description for the new enrichment integration.
      Create enrichment integration form
    6. In the Integration Configuration section, configure the integration details based on your requirements.
      The Integration Configuration section includes configuration details like API key, API Client ID or secret, username, password, and so on, which you must fill in. These configuration details vary for different apps.
    7. Select the Save action to store and create the new enrichment integration configuration.
      After you select the Save or Enable action, the integration is validated using the given integration configurations. By default, the enrichment integration's status is set to inactive.
    8. Select Save as Draft action to only store the updates made to the enrichment configuration and not create it.
      If you're not sure about the configuration details, you can use the Save as Draft option. After you get the configuration details, you can fill the remaining information in the draft version and create it.
    9. To enable the enrichment integration, select Enable.
      The enrichment integration is enabled successfully. You can also enable, disable, or delete a particular enrichment integration by using the Actions menu of the required integration tile on the Catalog or the Enrichment Integrations page.