Enricher - PassiveTotal Whois#
Note
RiskIQ has been acquired by Microsoft.
Some of the features provided by the PassiveTotal enrichers are now provided by Enricher - Microsoft Defender Threat Intelligence.
Please note: Microsoft Defender Threat Intelligence enrichers are not a drop-in replacement for PassiveTotal enrichers. You may find differences in features available and ingested data. For more information, see the documentation.
Note
This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.
Specifications |
|
|---|---|
Enricher name |
PassiveTotal Whois |
Input |
Domain, host, and IP addresses (ipv4 and ipv6). |
Output |
Enriches supported observable types with whois information. |
API endpoint |
|
Description |
The PassiveTotal Whois enricher provides information about individuals or entities associated with an IP address or a domain name, as well as geolocation details. Analysts can retrieve registrar, organization, country, city, street, telephone, and email details. They can then use these details to run further queries to obtain, for example, more domain names associated with the same individual or the same company. |
Requirements#
Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials to access the API endpoint exposing the service.
Configure the enricher parameters#
Edit the enricher.
From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the PassiveTotal Whois enricher.
The API URL field is automatically filled in with the default domain for the endpoint.
You can add a proxy or set up ports according to your needs.
Default value:https://api.passivetotal.org/v2.In the API key field, enter your API key.
In the Email field, enter the email address associated with the PassiveTotal Whois account to access and consume the PassiveTotal Whois API service.
To store your changes, click Save; to discard them, click Cancel.