Enricher - PassiveTotal IP/Domain


This article describes the specific configuration options to set up the enricher.
To configure the general options for the enricher, see Configure the general options.

Specifications

Enricher name

PassiveTotal IP/Domain

Input

Domain, host, and IP addresses (ipv4 and ipv6).

Output

Enriches supported observable types with enrichment information.

API endpoint

https://api.passivetotal.org/v2

Description

The PassiveTotal IP/Domain enricher provides additional information for the queried IP address or domain name.
Polls data from the PassiveTotal API. It provides additional context related to the queried IP address or domain name.
For example, it returns domain name, any sub-domains, inet details, autonomous systen number (ASN), as well as geolocation information.
Analysts can query the returned data to look for further connections that may be relevant during an investigation.

Requirements

Users need an API key for their own configuration. Sign up and subscribe to the service to obtain the required API key credentials to access the API endpoint exposing the service.

Configure the enricher parameters

  1. Edit the enricher.

  2. From the Observable types drop-down menu, select one or more observable types you want to enrich with data retrieved through the PassiveTotal IP/Domain enricher.

  3. The API URL field is automatically filled in with the default domain for the endpoint.
    You can add a proxy or set up ports according to your needs.
    Default value: https://api.passivetotal.org/v2.

  4. In the API key field, enter your API key.

  5. In the Email field, enter the email address associated with the PassiveTotal IP/Domain account to access and consume the PassiveTotal IP/Domain API service.

  6. To store your changes, click Save; to discard them, click Cancel.

See also