Bulk Whois
Integration version: 13.0
Configure Bulk Whois to work with Google Security Operations SOAR
How to obtain API credentials
To obtain API credentials, sign in to your Bulk Whois API account.
Navigate to the My Account section and select API Credentials in the left side menu where your API Key is ready for use.
Network
| Function | Default Port | Direction | Protocol |
|---|---|---|---|
| API | Multivalues | Outbound | apikey |
Configure Bulk Whois integration in Google Security Operations SOAR
For detailed instructions on how to configure an integration in Google Security Operations SOAR, see Configure integrations.
Integration parameters
Use the following parameters to configure the integration:
| Parameter Display Name | Type | Default Value | Is Mandatory | Description |
|---|---|---|---|---|
| Instance Name | String | N/A | No | Name of the Instance you intend to configure integration for. |
| Description | String | N/A | No | Description of the Instance. |
| Api Key | String | N/A | Yes | API key generated in Bulk Whois console. |
| Api Secret | String | N/A | Yes | Generated in Bulk Whois console with API Key. |
| Verify SSL | Checkbox | Checked | No | Use this checkbox, if your Bulk Whois connection requires an SSL verification (unchecked by default). |
| Run Remotely | Checkbox | Unchecked | No | Check the field in order to run the configured integration remotely. Once checked, the option appears to select the remote user (agent). |
Actions
Ping
Description
Test Connectivity.
Parameters
N/A
Run On
This action runs on all entities.
Action Results
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| null | N/A | N/A |
WhoIs Details
Description
Get domain/IP Whois info.
Parameters
N/A
Run On
This action runs on the following entities:
- URL
- Hostname
- IP Address
Action Results
Entity Enrichment
| Enrichment Field Name | Logic - When to apply |
|---|---|
| RegistrarWHOISServer | Returns if it exists in JSON result |
| UpdatedDate | Returns if it exists in JSON result |
| Reseller | Returns if it exists in JSON result |
| DNSSEC | Returns if it exists in JSON result |
| DomainName | Returns if it exists in JSON result |
| RegistrarIANAID | Returns if it exists in JSON result |
| RegistrantCountry | Returns if it exists in JSON result |
| RegistrarAbuseContactEmail | Returns if it exists in JSON result |
| RegistryDomainID | Returns if it exists in JSON result |
| DomainStatus | Returns if it exists in JSON result |
| RegistrarAbuseContactPhone | Returns if it exists in JSON result |
| RegistryExpiryDate | Returns if it exists in JSON result |
| Registrar | Returns if it exists in JSON result |
| RegistrantOrganization | Returns if it exists in JSON result |
| NameServer | Returns if it exists in JSON result |
| CreationDate | Returns if it exists in JSON result |
| RegistrarURL | Returns if it exists in JSON result |
| RegistrantStateProvince | Returns if it exists in JSON result |
| RegistrarRegistrationExpirationDate | Returns if it exists in JSON result |
| LastupdateofWHOISdatabase | Returns if it exists in JSON result |
Script Result
| Script Result Name | Value Options | Example |
|---|---|---|
| is_enriched | True/False | is_enriched:False |
JSON Result
[
{
"EntityResult": {
"RegistrarWHOISServer": " ",
"UpdatedDate": "2018-05-22T09",
"Reseller": " ",
"DNSSEC": "unsigned",
"DomainName": "GOOGLE.CO.IN",
"RegistrarIANAID": "292",
"RegistrantCountry": "US",
"RegistrarAbuseContactEmail": " ",
"RegistryDomainID": "D8357-AFIN",
"DomainStatus": "clientUpdateProhibited",
"RegistrarAbuseContactPhone": " ",
"RegistryExpiryDate": "2019-06-23T14",
"Registrar": "MarkMonitorInc.",
"RegistrantOrganization": "GoogleInc.",
"NameServer": "NS4.GOOGLE.COM",
"CreationDate": "2003-06-23T14",
"RegistrarURL": "http",
"RegistrantState/Province": "CA",
"RegistrarRegistrationExpirationDate": " ",
">>>LastupdateofWHOISdatabase": "2019-01-15T06"
},
"Entity": "GOOGLE.CO.IN"
}
]