Enricher - PyDat

This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.


Enricher name



Domain and IP addresses (IPv4 and IPv6).


Enriches supported observable types with whois data, current IP resolution and passive DNS information.
Analysts can retrieve name, organization, country, city, street, ZIP code, telephone, and email details.

API endpoint



The PyDat enricher provides whois, including historical whois, and passive DNS lookup information.


Users need to install and set up PyDat locally. The product does not work outside a local network.

Before accessing PyDat features through the API endpoint, you need to configure the host.
For more information, see the MITRE blog on PyDat and the PyDat GitHub repo.

Configure the enricher parameters

  1. Edit the enricher.

  2. In the API URL field, enter the URL allowing access to the local PyDat instance.
    Example: http://${pydat_instance_url}:8000/.

  3. To store your changes, click Save; to discard them, click Cancel.
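
A pre-flight check for the value entered in the API URL field, as an added example that is not part of the product or of PyDat. The helper name check_pydat_url is hypothetical and the sample addresses are constructed; it confirms that the placeholder was replaced and that the host is a local-network address, as the enricher requires.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def check_pydat_url(url, resolve=socket.getaddrinfo):
    """Return a list of problems with a candidate API URL (empty list = OK).

    Hypothetical helper: not part of the product or of PyDat.
    """
    if "${" in url:
        return ["placeholder not replaced with the PyDat host"]
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return ["malformed URL or port"]
    problems = []
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    host = parts.hostname
    if not host:
        return problems + ["missing host"]
    try:
        addrs = {ipaddress.ip_address(host)}  # literal IPv4/IPv6 host
    except ValueError:
        try:
            infos = resolve(host, port or 80)  # host name: look it up
        except OSError:
            return problems + [f"cannot resolve {host}"]
        addrs = {ipaddress.ip_address(info[4][0]) for info in infos}
    for addr in addrs:
        # The page states that PyDat only works inside a local network.
        if not (addr.is_private or addr.is_loopback or addr.is_link_local):
            problems.append(f"{addr} is not a local-network address")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for candidate in ("http://${pydat_instance_url}:8000/",
                      "http://10.20.30.40:8000/",
                      "http://8.8.8.8:8000/"):
        print(candidate, "->", check_pydat_url(candidate) or "OK")
```
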
