Verify expected results for manual WHOISIQ lookups

  • Release version: Zurich
  • Updated March 12, 2026
  • 1 minute to read

    • Run a manual lookup on an observable when it does not automatically generate a security incident. For observable enrichment lookups using the WHOISIQ API for email addresses, organization names, phone numbers, or mailing addresses, initiate the lookup manually from the Observables table.

    Before you begin

    Role required: sn_si.analyst

    About this task

    Create an observable for a manual lookup using the WHOISIQ API. For more information on how to create and edit an observable, see Create an observable for manual WHOISIQ lookups.

    Procedure

    1. Navigate to All > IoC Repository > Observables and locate the observable in the list you're working with.
    2. Select your observable in the Value column to open the record.
    3. Select the Run Observable Enrichment related link to run the lookup.
    4. In the Run Observable Enrichment window, move RiskIQ Whois to the Selected list.
    5. Select Submit.
      Lookup results are displayed on the Observable Enrichment Results tab on the observable record.
    If no results are returned for the observable, a message is displayed in the Summary column. If you don't see results, verify the observable is supported by the API.