RiskIQ-Data-Whois




Type: Playbook
Solution: RiskIQ
Source: View on GitHub

Additional Documentation

📄 Source: RiskIQ-Data-Whois/readme.md

Overview

This playbook uses the RiskIQ PassiveTotal connector to automatically enrich incidents generated by Microsoft Sentinel. WHOIS is akin to a phone book for the Internet; it reveals the owners behind domain registrations and IP address hosting. Analysts can leverage WHOIS, both active and historic, in order to identify analytical leads. This data can sometimes reveal the threat actor behind a given set of infrastructure or provide deeper context as to what else may be related. This playbook will query for WHOIS data from indicators contained within the incident and post the results in the form of a comment.

Prerequisites

This playbook inherits API connections created and established within a base playbook. Ensure you have deployed RiskIQ-Base prior to deploying this playbook. You will need your API credentials (email/secret) when configuring that base playbook; they can be found on your account settings page. For enterprise customers, it is preferred to use the "organization" credential pair rather than the user credentials. If you have trouble accessing your account or your credentials, contact your account representative (support[@]riskiq.com).

Deployment

Post-Deployment Instructions

After deploying the playbook, you must authorize the API connections it uses.

  1. Visit the playbook resource.
  2. Under "Development Tools" (located on the left), click "API Connections".
  3. Ensure each connection has been authorized.

Note: If you've deployed the RiskIQ-Base playbook, you will only need to authorize the Microsoft Sentinel connection.
