Enricher - PyDat

Note

This article describes how to configure a particular enrichment source. To see how to configure enrichers in general, see Configure enrichers.

Specifications

Enricher name: PyDat

Input: Domains and IP addresses (IPv4 and IPv6).

Output: Enriches supported observable types with whois data, current IP resolution and passive DNS information. Analysts can retrieve name, organization, country, city, street, ZIP code, telephone, and email details.

API endpoint: http://${pydat_instance_url}:8000/{Input}

Description: The PyDat enricher provides whois, including historical whois, and passive DNS lookup information.

Requirements

Users need to install and set up PyDat locally. The product does not work outside a local network.

Before accessing PyDat features through the API endpoint, you need to configure the host.
For more information, see the MITRE blog on PyDat and the PyDat GitHub repo.

Configure the enricher parameters

  1. Edit the enricher.

  2. In the API URL field, enter the URL allowing access to the local PyDat instance.
    Example: http://${pydat_instance_url}:8000/.

  3. To store your changes, click Save; to discard them, click Cancel.
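A pre-flight check for the API URL value and for the observables sent to it, added here as an example; it is not code from the product or from PyDat. It assumes requests take the `{API URL}/{Input}` shape given under Specifications; the function names and the address 10.0.0.5 are hypothetical.

```python
import ipaddress
import re
from urllib.parse import quote, urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_observable(value):
    """Return 'ipv4', 'ipv6' or 'domain'; raise ValueError for anything else."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass  # not an IP literal, try it as a domain name
    labels = value.rstrip(".").split(".")
    if (len(value) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels)
            and not labels[-1].isdigit()):
        return "domain"
    raise ValueError("not a domain or IP address: %r" % value)

def check_api_url(api_url):
    """Validate the API URL field value; return it with one trailing slash."""
    parts = urlsplit(api_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("API URL needs an http(s) scheme and a host")
    if parts.query or parts.fragment or parts.username:
        raise ValueError("API URL must not carry credentials, query or fragment")
    try:
        host_ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        host_ip = None  # a hostname: where it resolves is not checked here
    if host_ip is not None and not (host_ip.is_private or host_ip.is_loopback):
        raise ValueError("PyDat host %s is not a local address" % host_ip)
    return api_url.rstrip("/") + "/"

def build_lookup_url(api_url, observable):
    """Build {API URL}/{Input} only from a validated URL and observable."""
    classify_observable(observable)  # raises before anything reaches the path
    return check_api_url(api_url) + quote(observable, safe=":")

if __name__ == "__main__":
    # Constructed sample values; 10.0.0.5 stands in for the PyDat host.
    for sample in ("example.com", "198.51.100.7", "2001:db8::1", "a.com/../x"):
        try:
            print(build_lookup_url("http://10.0.0.5:8000/", sample))
        except ValueError as err:
            print("rejected:", err)
```

The URL check only inspects IP literals; when the API URL uses a hostname, confirm separately that it resolves to an address on the local network.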