Enricher - PyDat

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

	Specifications
Enricher name	PyDat
Input	Domain and IP addresses (ipv4 and ipv6).
Output	Enriches supported observable types with whois data, current IP resolution and passive DNS information. Analysts can retrieve name, organization, country, city, street, ZIP code, telephone, and email details.
API endpoint	http://${pydat_instance_url}:8000/{Input}
Description	The PyDat enricher provides whois, including historical whois, and passive DNS lookup information.

Requirements

Users need to install and set up PyDat locally. The product does not work outside a local network.

Before accessing PyDat features through the API endpoint, you need to configure the host.
For more information, see: Mitre blog on PyDat and PyDat GitHub repo.

Configure the enricher parameters

1. Edit the enricher.

2. In the API URL field, enter the URL allowing access to the local PyDat instance.
   Example: http://${pydat_instance_url}:8000/.

3. To store your changes, click Save; to discard them, click Cancel.